Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Speed and innovation rule in software development, which makes it easy to overlook one crucial aspect: security. As a Staff Solutions Engineer at Snyk, I’ve seen firsthand how a single overlooked vulnerability can spiral into a crisis, affecting businesses, customers, and trust. Secure coding isn’t just about writing better code—it’s about protecting what matters, which includes the credibility and reputation of individuals, teams, and the business.

In the afternoon on Friday, March 14, 2025, details began to emerge about a serious security exploit on a popular GitHub Action called changed files (tj-actions/changed-files). About 23,000 GitHub repos use this Action as part of their CI and DevOps workflows. It allows you to track which files have changed across branches and commits. An attacker with write privileges on the Action repo made a commit that caused encrypted secrets to appear in plaintext in the GitHub Action logs.

On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this action to track file changes, and it is now known to have been tampered with, posing a risk to both public and private projects. A CVE has been created for this issue: CVE-2025-30066.

A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857, is already available online: CVE-2025-24813 PoC by iSee857.

The Shadowserver group recently identified over 41,500 internet-exposed VMware ESXi hypervisors vulnerable to CVE-2025-22224, a critical Time-of-Check Time-of-Use (TOCTOU) code execution attack. The attackers who gain administrative access to a compromised VM can exploit this flaw to execute arbitrary code on the hypervisor, gaining full control over all hosted VMs and networked assets. Broadcom released emergency patches for ESXi and Workstation products to remediate the flaw.

Every day, security teams are expected to manage risks in cloud environments that they don’t fully control, can’t always see, and that are constantly changing. Cloud-native assets—such as container workloads, autoscaling groups, and serverless functions—are highly dynamic, appearing, disappearing, and evolving in response to demand and functionality changes.

As organizations continue to evolve their DevSecOps programs by adopting comprehensive testing and monitoring, the next step is to take action on the insights uncovered. This means remediating security issues as early as possible and responding to security alerts and incidents in a timely manner. However, many security and development teams find that triaging the findings of every tool and managing remediation efforts is time-consuming and costly.

Managing the risks of AI development tools is crucial for organizations looking to responsibly and effectively leverage this technology’s potential. AI offers transformative capabilities, particularly in coding assistance, where tools can speed up development and reduce manual workloads. However, these benefits can come with risks, such as security vulnerabilities and compliance challenges, that cannot be overlooked.