More results...
A critical security incident has been uncovered involving the popular GitHub Action tj-actions/changed-files, which is used in over 23,000 repositories. The attack involves a malicious modification of the Action’s code, leading to the exposure of…
GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect…
A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and repositories. The fake security alert from GitHub GitHub users have taken to so…
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
IntelMQ is an open-source solution designed to help IT security teams (including CERTs, CSIRTs, SOCs, and abuse departments) streamline the collection and processing of security feeds using a message queuing protocol. “Originally designed for CSI…
NetBird is an open-source solution that integrates a configuration-free peer-to-peer private network with centralized access control, providing a single platform to build secure private networks for your organization or home. NetBird features NetBird c…
A Proof of Concept (PoC) exploit for the Apache Camel vulnerability CVE-2025-27636 has been released on GitHub. This vulnerability affects Apache Camel versions 4.10.0-4.10.1, 4.8.0-4.8.4, and 3.10.0-3.22.3, allowing attackers to inject arbitrary heade…
Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Built with the needs of penetration testers, security professionals, and bug bounty hunters in mind, Hetty provide…
In a recent alert, Microsoft revealed a large-scale malvertising campaign that has compromised nearly one million devices worldwide. This campaign, which began in early December 2024, leverages malicious redirects from illegal streaming websites to del…
Microsoft Threat Intelligence exposes a malvertising campaign exploiting GitHub, Discord, and Dropbox. Discover the multi-stage attack chain, the…