Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A major supply chain attack has exposed sensitive CI/CD secrets in GitHub Action tj-actions/changed-files, known as CVE-2025-30066, across 218 repositories. This incident has raised significant concerns about security and is connected to an earlier attack on the other GitHub Action, reviewdog/action-setup@v1, tracked as CVE-2025-30154. While only 4% of the 5,416 repositories that were affected had secrets leaked, the damage is severe.

Maintaining compliance and minimizing security risks has become more complex than ever before. Regulatory frameworks such as GDPR, HIPAA, and SOC 2 require organizations to implement strict measures to protect customer data, secure their network and systems, and respond to audit investigations.

As security threats increase in complexity and scale, modern SIEM solutions are becoming key choices by CISOs for consolidating security monitoring and incident response. Organizations relying on Google or Google Cloud infrastructure are increasingly adopting Google Security Operations (SecOps) to unify their security stack and workflows.

Learn how AI for automation is set to enhance IT processes, boost efficiency, and drive innovation in this comprehensive guide.

On March 24, 2025, ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Ingress is a Kubernetes feature that defines how workload Pods are exposed to the network, while an Ingress Controller implements those rules by configuring the necessary local or cloud resources. According to Kubernetes, ingress-nginx is deployed in over 40% of Kubernetes clusters.

OPKSSH makes it easy to SSH with single sign-on technologies like OpenID Connect, thereby removing the need to manually manage and configure SSH keys. It does this without adding a trusted party other than your identity provider (IdP). We are excited to announce OPKSSH (OpenPubkey SSH) has been open-sourced under the umbrella of the OpenPubkey project.

Protecting individual privacy is paramount, given the proliferation of Personally Identifiable Information (PII) and other sensitive data collected by enterprises across all industries. One way to protect sensitive data is through PII masking e.g., consistently changing names or including only the last four digits of a credit card or Social Security Number.

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene.