Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Credit and debit cards are vital for online purchases in today’s digital environments, but that doesn’t mean they’re safe from misuse. In 2024, an estimated $10.6 billion was lost due to card-not-present fraud, which accounts for some of the most prevalent scams globally. Card-not-present fraud, or ‘CNP’ fraud, negatively impacts consumers and businesses, causing financial losses and reputational damages.

Your team is racing against the clock to meet an important deadline. Cybercriminals, however, wait behind the scenes for the right opportunity to attack. It takes a single, well-timed attack to completely disrupt your operations, exposing important data and ruining your brand. With global cybercrime damages projected to hit $10.5 trillion annually by 2025, you must prepare for the worst-case scenario. It’s not enough to just put up walls anymore.

The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised, leaking secrets through workflow logs and impacting thousands of CI pipelines. All tagged versions were modified, making tag-based pinning unsafe. Public repositories are at the highest risk, but private repos should also verify their exposure.

On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this action to track file changes, and it is now known to have been tampered with, posing a risk to both public and private projects. A CVE has been created for this issue: CVE-2025-30066.

Trustwave's recent completion of the FedRAMP authorization process increases our ability to provide exceptional service to the federal government, the defense industrial base, and those with Cybersecurity Maturity Model Certification (CMMC) requirements, especially with a cloud service offering. Working with the federal government is hardly new for Trustwave.

In today’s evolving cyber landscape, threat intelligence has become a cornerstone of effective cybersecurity strategies. As cyber threats grow in sophistication and frequency, understanding emerging trends, adopting advanced tools, and implementing proactive tactics are essential for organisations aiming to safeguard their digital assets. Traditionally, threat intelligence has focused on reactive measures, analysing known threats to mitigate potential damage.

A KnowBe4 Threat Lab publication Authors: Martin Kraemer, Jeewan Singh Jalal, Anand Bodke, and James Dyer EXECUTIVE SUMMARY: We observed a 98% rise in phishing campaigns hosted on Russian (.ru) top-level domains (TLDs) from December 2024 to January 2025, primarily used for credential harvesting. These Russian.ru domains are run by so-called “bullet-proof” hosting providers, that are known to keep malicious domains running and ignore abuse reports which is ideal for cybercriminals.