Open-Source Security | Breaking Cybersecurity News | The Hacker News

From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source repositories becoming a playground for credential theft and hidden backdoors. But it's not all bad news—law enforcement is tightening its grip on cybercriminal networks, with key ransomware figures facing extradition and the security community making strides in uncovering and dismantling active threats. Ethical hackers continue to expose critical flaws, and new decryptors offer a fighting chance against ransomware operators. In this week's recap, we dive into the latest attack techniques, emerging vulnerabilities, and defensive strategies to keep you ahead of the curve. Stay informed, stay sec...

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all changed files and directories. The supply chain compromise has been assigned the CVE identifier CVE-2025-30066 (CVSS score: 8.6). The incident is said to have taken place sometime before March 14, 2025. "In this attack, the attackers modified the action's code and retroactively updated multiple version tags to reference the malicious commit," StepSecurity said . "The compromised Action prints CI/CD secrets in GitHub Actions build logs." The net result of this behavior is that should the workflow logs be publicly accessible, they could lead to the unauthorized expo...