Get the TL;DR: tj-actions/changed-files Supply Chain Attack

The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised, leaking secrets through workflow logs and impacting thousands of CI pipelines. All tagged versions were modified, making tag-based pinning unsafe. Public repositories are at the highest risk, but private repos should also verify their exposure.

Cyber Resilience Strategy: How to Build a Strong Framework

Your team is racing against the clock to meet an important deadline. Cybercriminals, however, wait behind the scenes for the right opportunity to attack. It takes a single, well-timed attack to completely disrupt your operations, exposing important data and ruining your brand. With global cybercrime damages projected to hit $10.5 trillion annually by 2025, you must prepare for the worst-case scenario. It’s not enough to just put up walls anymore.

Everything You Need to Know About Card-Not-Present Fraud

Credit and debit cards are vital for online purchases in today’s digital environments, but that doesn’t mean they’re safe from misuse. In 2024, an estimated $10.6 billion was lost due to card-not-present fraud, which accounts for some of the most prevalent scams globally. Card-not-present fraud, or ‘CNP’ fraud, negatively impacts consumers and businesses, causing financial losses and reputational damage.

Detecting and Mitigating the "tj-actions/changed-files" Supply Chain Attack (CVE-2025-30066)

On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this action to track file changes, and it is now known to have been tampered with, posing a risk to both public and private projects. A CVE has been created for this issue: CVE-2025-30066.

The Future of Threat Intelligence: Trends, Tools, and Tactics To Watch

In today’s evolving cyber landscape, threat intelligence has become a cornerstone of effective cybersecurity strategies. As cyber threats grow in sophistication and frequency, understanding emerging trends, adopting advanced tools, and implementing proactive tactics are essential for organisations aiming to safeguard their digital assets. Traditionally, threat intelligence has focused on reactive measures, analysing known threats to mitigate potential damage.

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild

A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by Chinese forum user iSee857, is already available online: CVE-2025-24813 PoC by iSee857.