Cybersecurity

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories 

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories 

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow.
The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It’s used to track and retrieve all

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal 

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal 

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages

ClickFix: How to Infect Your PC in Three Easy Steps 

ClickFix: How to Infect Your PC in Three Easy Steps 

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges 

Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges 

A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme.
Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging 

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging 

The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms.
To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol

Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom 

Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom 

Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment.
Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how

Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right 

Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right 

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way. 
Microsegmentation: The Missing Piece in Zero Trust Security 
Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions 

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions 

Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk.
Clipper malware is a type of cryware (as coined by Microsoft) that’s designed to monitor a victim’s clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X