Data protection and AI: what to know about new UK cyber standard
In a significant move positioning the UK at the forefront of responsible AI adoption, the government has introduced what it calls a “world first” AI-focused…
Author: Cybernoz
DOGE staffer violated security policies at Treasury Department, court filing shows
A staffer for the Department of Government Efficiency (DOGE) violated security policies at the Treasury Department by improperly sharing sensitive personal information outside the agency,…
Supply chain attack against GitHub Action triggers massive exposure of secrets
Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in more than 23,000 repositories. A malicious commit was…
Attackers use CSS to create evasive phishing messages
Attackers use CSS to create evasive phishing messages Pierluigi Paganini March 17, 2025 Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and…
Black Basta uses brute-forcing tool to attack edge devices
Dive Brief: Black Basta’s private chat logs were leaked last month, revealing the strategies, tactics and targeted vulnerabilities that the notorious ransomware-as-a-service gang used over…
How to encrypt and secure sensitive files on macOS
Encrypting files keeps sensitive data like personal details, finances, and passwords safe from attackers by making them unreadable to unauthorized users. Encryption also safeguards data…
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub…
Cloud Storage buckets holding sensitive information vulnerable to ransomware attacks
Cloud storage has become an essential tool for businesses and individuals alike to store vast amounts of data, ranging from documents and media to highly…
Warning over free online file converters that actually install malware
The FBI Denver Field Office has warned of an increasing number of scammy websites offering free online file converter services. Instead of converting files, the…
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers…
Espressif Systems Vulnerabilities Let Attackers Execute Arbitrary Code
Security researchers have uncovered several critical vulnerabilities in Espressif Systems’ ESP-IDF framework that could allow attackers to execute arbitrary code on ESP32 devices via Bluetooth…
Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos
GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect your CI/CD pipelines. Research firm StepSecurity’s CI/CD…