GitHub Action Supply Chain Attack: Reviewdog/action-setup

GitHub Action supply chain attack: reviewdog/action-setup detected. Attack compromised tj-actions/changed-files, leaking secrets. Wiz Research links attack to reviewdog/action-setup@v1, suggesting ongoing risks. Compromised Personal Access Token allowed modifications. Secrets visible in CI logs; public repositories exposed secrets, while private ones potentially retained internal risks. Immediate action recommended: stop using affected actions, rotate leaked secrets, and audit workflows. Use specific commit hashes for security. Wiz offers detection tools for compromised actions and incident monitoring.

https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup

Google Owner Alphabet to Buy Cybersecurity Startup Wiz for $32B

Google's parent company, Alphabet, plans to acquire cybersecurity startup Wiz for $32 billion, marking its largest acquisition. This move is part of Google's strategy to boost its cloud computing capabilities amid rising competition from Microsoft and Amazon. If approved by regulators, Wiz will enhance Google Cloud's security tools, which are crucial for handling increasing demand for AI-driven data centers. Despite the deal's potential benefits, concerns about antitrust implications loom, with the acquisition expected to face scrutiny before its anticipated closure in 2026.

https://apnews.com/article/google-alphabet-wiz-32-billion-e50fb41b9a84a1056a116f963e6efed0

BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique

TLDR: BitM attacks rapidly compromise web application sessions, bypassing MFA through social engineering. Adversaries target session tokens via tools like Evilginx2. Mandiant's Delusion tool enhances BitM efficiency, enabling session stealing with minimal prior knowledge of target authentication methods. Strong defenses, including hardware-based MFA and client certificates, are crucial to thwarting such threats. Organizations should adopt layered security measures to protect sensitive data from BitM exploits.

https://cloud.google.com/blog/topics/threat-intelligence/session-stealing-browser-in-the-middle/

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

GitHub Action tj-actions/changed-files was compromised, exposing CI/CD secrets in over 23,000 repositories. Attackers altered its code, allowing sensitive information such as AWS keys and GitHub PATs to be printed in build logs. The incident, assigned CVE-2025-30066 (CVSS 8.6), highlights supply chain risks in CI/CD environments. Users should update to the latest version (46.0.1) and review workflows from March 14-15 for any unexpected outputs. GitHub has revoked the compromised PAT and implemented stricter access controls to prevent future attacks.

https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html

Jailbreaking Is (mostly) Simpler Than You Think

Microsoft's blog discusses a straightforward jailbreak method, Context Compliance Attack (CCA), effective against many AI systems. CCA manipulates AI by exploiting reliance on client-supplied conversation history, allowing for context manipulation with minimal effort. Models maintaining conversation state, like Copilot and ChatGPT, are safe from this attack. Microsoft suggests enhancements like cryptographic signatures and server-side history to bolster AI safety. The implications of CCA stress the need for comprehensive security considerations in AI system designs, encouraging discussions on further mitigation strategies.

https://msrc.microsoft.com/blog/2025/03/jailbreaking-is-mostly-simpler-than-you-think/

Remote Access Infra Remains Riskiest Corp. Attack Surface

,

Remote access infrastructure poses significant risks for corporations, with exposed login panels for VPNs and remote access systems increasing vulnerability to ransomware attacks. Analysis shows many companies have poorly secured login credentials, often leading to data breaches and making it harder to obtain cyber insurance. Recommendations for securing remote access include keeping network equipment updated, implementing strong multifactor authentication (MFA), and adopting a zero-trust security model.

https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface

You Have 7 Days To Act Following Gmail Lockout Hack Attacks, Google Says

Google warns Gmail users to act within 7 days if locked out due to hacks. Quick recovery is essential, especially after an attacker changes login credentials. Users should ensure a recovery phone number and email are linked to their accounts for regaining access. Google advises implementing stronger security measures like two-factor authentication (2FA) to prevent future breaches.

https://www.forbes.com/sites/daveywinder/2025/03/16/you-have-7-days-to-act-following-gmail-lockout-hack-attack-google-says/

Google’s ‘consent-less’ Android Tracking Probed by Academics • The Register

, ,

Google's Android tracking has been criticized by researchers for using identifiers to track users without consent. Research by Doug Leith from Trinity College Dublin highlights that data collection occurs before users open any apps, primarily through pre-installed services like Google Play. Key identifiers, such as the “DSID” cookie and Android ID, are created during the startup process and track users even after they log out, with no opt-out option available. Leith's findings suggest possible violations of data protection laws, which Google disputes, emphasizing a commitment to user privacy. Users have expressed frustration, especially regarding a recent system feature that scans images without consent.

https://www.theregister.com/2025/03/04/google_android/

New XCSSET Malware Adds New Obfuscation, Persistence Techniques to Infect Xcode Projects

,

New XCSSET malware variant enhances techniques for infecting Xcode projects, employing improved obfuscation, persistence methods, and novel infection strategies. This modular macOS malware targets developers via their Xcode projects, using encoded payloads and enhanced scripting for stealth. Its modular design enables complex multi-stage infections, focusing on stealing user information and while remaining difficult to detect. Mitigation includes using updated OS versions, inspecting Xcode projects, and employing Microsoft Defender for security against threats.

https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/

Critical PHP Vulnerability Under Widespread Cyberattack

Critical PHP vulnerability CVE-2024-4577 is under widespread cyberattack, particularly affecting Windows systems. Exploits have surged globally, with impacts noted in the U.S., U.K., Japan, and more since late 2024. The vulnerability allows remote code execution, prompting rapid exploitation by various threat actors, including ransomware campaigns. GreyNoise reports significant spikes in attack attempts from numerous IP addresses, particularly from Germany and China. Cisco Talos indicates ongoing targeted attacks in Japan, suggesting escalating security concerns.

https://www.cybersecuritydive.com/news/critical-php-vulnerability-under-widespread-cyberattack/742036/

The Digital Illusion: Millennials and Online Safety Risks

,

TLDR: 70% of millennials rarely verify online identities, risking exposure to identity fraud and misinformation. Despite digital savviness, many still trust misleading online interactions, highlighting a gap in cybersecurity awareness. Oversharing personal information increases vulnerability to attacks. Millennials need to adopt critical thinking and verify sources to strengthen their online safety.

https://www.kaspersky.com/blog/the-digital-illusion/53137/

Gen Z Facing Increased Cybersecurity Threats

, ,

Gen Z, digital natives, face significant cybersecurity risks despite tech familiarity. Studies reveal overconfidence in recognizing threats, with 52% using vulnerable passwords. The rise of AI complicates matters, as 46% share sensitive data with AI tools unchecked. Training gaps persist, with many lacking access to education, and those offered abandon important security tools. Psychological stress about job security due to breaches is notable. However, growing awareness among Gen Z could foster stronger cybersecurity defenses in the future.

https://www.pandasecurity.com/en/mediacenter/gen-z-facing-increased-cybersecurity-threats/

Undocumented Commands Found in Bluetooth Chip Used by a Billion Devices

Espressif's ESP32 Bluetooth chip, used in over 1 billion devices, has undocumented commands that could enable attacks like device impersonation and unauthorized data access. Discovered by Spanish researchers, these commands may allow malicious actors to manipulate memory and bypass security controls, posing significant risks, especially in IoT devices. Concerns about potential exploitation are ongoing, with a specific vulnerability tracked under CVE-2025-27840.

https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/

New AI Protection From Google Cloud Tackles AI Risks, Threats, and Compliance

, ,

Google Cloud launched AI Protection, enhancing security for generative AI with capabilities to discover AI assets, secure them, and manage associated threats. It integrates with Google’s Security Command Center for comprehensive risk management and regulatory compliance. Key features include automatic inventory discovery, prompt injection prevention, and threat detection, providing a broader security platform to mitigate AI-related vulnerabilities.

https://www.securityweek.com/new-ai-protection-from-google-cloud-tackles-ai-risks-threats-and-compliance/

Badbox Is Back and a Million Android Devices Were Backdoored • The Register

,

Badbox botnet resurfaces, infecting up to a million Android devices via malware. Originating with off-brand devices, it targets cheap hardware running AOSP. The malware operates through infected apps on third-party stores, deceiving users. Human Security reports a rise in complexity and collaboration among criminals, increasing device variety and fraud tactics. Infected devices are traced globally; the botnet’s revenue comes from disguised ad fraud. Though number of infected devices has halved due to intervention, ongoing risks remain as criminals adapt their strategies.

https://www.theregister.com/2025/03/07/badbox_botnet_returns/

Scroll to Top