GitHub Supply Chain Attack: CVE-2025-30066 and CVE-2025-30154 Expose Secrets Across 218 Repositories

A major supply chain attack on the GitHub Action tj-actions/changed-files, tracked as CVE-2025-30066, has exposed sensitive CI/CD secrets across 218 repositories. This incident has raised significant security concerns and is connected to an earlier attack on another GitHub Action, reviewdog/action-setup@v1, tracked as CVE-2025-30154. While only 4% of the 5,416 repositories that were affected had secrets leaked, the damage is severe.

What Is Shoulder Surfing? Tips to Protect Your Personal Information

Not all threats to your accounts and privacy happen online. They can happen right next to you. The stranger sitting next to you on the metro, in a coffee shop, or at the airport may not be an innocent stranger. Instead, they could be waiting for the right moment to look over your shoulder and steal your passwords or personal information. Shoulder surfing attacks happen when someone watches you enter sensitive information, such as a PIN or password, into your device or account.

Enterprise Fraud Management (EFM): The Essential Guide

Fraud has moved from an IT issue to a boardroom topic across industries. The more complex the fraud, the bigger the financial, brand, and customer risk. The cost of e-commerce fraud, for example, is expected to rise from $44.3 billion in 2024 (when it was last reported) to $107 billion in 2029, a 141% increase. And that’s just one industry. When the stakes are this high, you can’t blindly chase threats.

Leveraging map-reduce and LLMs for enhanced cybersecurity network detection

In my security research role at Corelight, I often have to go through large, complex data sets to detect subtle anomalies and threats. It reminds me of a famous quote by Abraham Lincoln: "Give me six hours to chop down a tree and I will spend the first four sharpening the axe." For me, that means investing time up front to build tools that allow a large language model (LLM) to do the heavy lifting on key tasks, namely those that teams of analysts would have handled in the past.

What is a Data Poisoning Attack?

Data poisoning is a sophisticated adversarial attack designed to manipulate the information used in training artificial intelligence (AI) models. By injecting deceptive or corrupt data, attackers can hurt model performance, introduce biases, or even create security vulnerabilities. As AI models increasingly power critical applications in cybersecurity, healthcare, finance, and many other industries, maintaining the integrity of their training data is absolutely critical.

Ransomware Warning - A Silent Threat Hits Every 39 Seconds

Imagine starting your weekday with a cup of coffee, prepared to take on the tasks of the day. Suddenly you notice something unusual as the machine starts. Previously accessible files disappear, and the screen flickers. A red notice appears stating that the files have been encrypted and the data will be permanently deleted unless a total of ten million dollars in Bitcoin is paid within 48 hours.

Dark Web Monitoring - Why It's Essential for Cybersecurity

The internet can be divided into three primary layers, each with its own traits and range of accessibility: the Surface, Deep and Dark web. Each layer serves a purpose in the structure of the internet: the first is easily accessible to users, the second houses a large amount of information, and the third is a space for both illegal and legitimate anonymous activities. When private information such as medical records is leaked, it completely ruins someone's reputation and personal life.

IngressNightmare: Analysis of Critical Vulnerabilities in Kubernetes Ingress NGINX Controller

On March 24, 2025, Wiz Research disclosed a series of critical vulnerabilities in Ingress NGINX Controller for Kubernetes, collectively dubbed: These unauthenticated Remote Code Execution (RCE) vulnerabilities have been assigned a CVSS base score of 9.8. According to Wiz Research, exploitation allows attackers to gain unauthorized access to all secrets across all namespaces in affected Kubernetes clusters, potentially leading to complete cluster takeover.

Detecting and Mitigating IngressNightmare - CVE-2025-1974

On Monday, March 24, 2025, a set of critical vulnerabilities affecting the admission controller component of the Ingress NGINX Controller for Kubernetes was announced. In total, five vulnerabilities were announced; the most severe vulnerability, CVE-2025-1974 (CVSS 9.8), may result in remote code execution (RCE). Exploitation of this vulnerability can be detected with Sysdig Secure or the Falco rule provided in this article.

Security Bulletin: GitHub Action Supply Chain Attack - reviewdog/action-setup

On March 11, 2025, a supply chain attack targeted the widely used GitHub Action reviewdog/action-setup@v1, leading to the exposure of sensitive CI/CD secrets across multiple repositories. The attack was identified by Wiz Research, which determined that this compromise played a pivotal role in the tj-actions/changed-files incident (Wiz, 2025).