Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Get the TL;DR: tj-actions/changed-files Supply Chain Attack

The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised, leaking secrets through workflow logs and impacting thousands of CI pipelines. All tagged versions were modified, making tag-based pinning unsafe. Public repositories are at the highest risk, but private repos should also verify their exposure.

Cyber Resilience Strategy: How to Build a Strong Framework

Your team is racing against the clock to meet an important deadline. Cybercriminals, however, wait behind the scenes for the right opportunity to attack. It takes a single, well-timed attack to completely disrupt your operations, exposing important data and ruining your brand. With global cybercrime damages projected to hit $10.5 trillion annually by 2025, you must prepare for the worst-case scenario. It’s not enough to just put up walls anymore.

Everything You Need to Know About Card-Not-Present Fraud

Credit and debit cards are vital for online purchases in today’s digital environments, but that doesn’t mean they’re safe from misuse. In 2024, an estimated $10.6 billion was lost due to card-not-present fraud, which accounts for some of the most prevalent scams globally. Card-not-present fraud, or ‘CNP’ fraud, negatively impacts consumers and businesses, causing financial losses and reputational damages.

Detecting and Mitigating the "tj-actions/changed-files" Supply Chain Attack (CVE-2025-30066)

On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this action to track file changes, and it is now known to have been tampered with, posing a risk to both public and private projects. A CVE has been created for this issue: CVE-2025-30066.

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild

A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857, is already available online: CVE-2025-24813 PoC by iSee857.

Beyond Checkboxes: The Essential Need for Robust API Compliance

APIs serve as essential links in today’s digital infrastructure, enabling data sharing and application integration. However, their widespread use has made them prime targets for attackers. Hence, strict compliance with security regulations is not just optional; it is imperative for business success. The increasing frequency of data breaches and the sophistication of cyber threats highlight the pressing need for strong API security.

NIST SP 800-171 Rev 2 vs Rev 3: What's The Difference?

Government cybersecurity and information security frameworks are a constant work in progress. Many different frameworks draw their requirements from the National Institute of Standards and Technology, and one of the most important documents for cybersecurity is NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.