Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 14, 2025, a critical supply chain attack targeted the widely used GitHub Action tj-actions/changed-files. This action, utilized in over 23,000 repositories, was compromised when attackers injected malicious code, causing CI/CD pipeline secrets to be exposed in GitHub Actions logs. This breach raised serious concerns regarding the security of GitHub Actions and the importance of implementing robust security measures in CI/CD workflows.

On March 20, a relatively unknown user on Breach Forums posted the allegation that Oracle had suffered a data breach. According to published reports, the attacker claimed that 6 million customer records were exfiltrated from Oracle's SSO and LDAP systems. The threat actor behind the post is allegedly offering to sell the data, providing multiple purchasing options based on company name, hashed credentials, and other sensitive information.

On March 20, 2025, a threat actor known as Rose87168 posted on the dark web, claiming to be selling breached Oracle Cloud Traditional servers along with approximately 6 million exfiltrated user records. The hacker did not mention the price for the stolen data. He alleged that critical information, including SSO (Single Sign-On) and LDAP credentials, Java Keystore (JKS) files, passwords, and authentication keys, was stolen from Oracle’s login infrastructure.

Most organizations today utilize cloud computing to streamline their workflows and deliver more cost-effective and scalable infrastructure. While some still host everything on-premises, and some are evolving to all-cloud, the middle ground of a hybrid cloud environment is becoming increasingly popular.

In March 2025, several US federal agencies issued a joint warning on the phishing-based, ransomware-as-a-service (RaaS) threat group Medusa and are encouraging organizations to implement mitigations to reduce the likelihood of being impacted by an attack.

Legacy SOCs are failing to keep pace with the speed of today’s threats and evolving attack complexity. The issues of alert fatigue, segmented visibility, and slow response rates are making businesses vulnerable and running up operating expenditures. XDR is beginning to emerge as an innovative answer to these challenges—and one that aligns threat detection, investigation, and response functions across disparate layers of security.

Discover the differences between SAML and OAuth/OpenID Connect for Single Sign-On (SSO) in Atlassian applications. Learn which protocol suits your needs, their strengths, and how miniOrange can boost your authentication strategy.

According to the Exabeam State of Threat Detection, Investigation, and Response Report, global cybersecurity spending is projected to grow from $92 billion in 2022 to over $170 billion by 2027, pushing security teams to invest in solutions that enhance threat detection, investigation, and response (TDIR). Many organizations have relied on on-premises security information and event management (SIEM) solutions for threat monitoring, incident response, and compliance.

IoT device identity management ensures secure device identification and management in a network. With the rise of IoT devices, it’s essential to manage their identities using a device certificate to protect data and prevent unauthorized access. This article explores the key aspects of IoT device identity management, including its importance, methods, and best practices.