GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. In a new report by GitHub, the development company says the 39 million secrets were found through its secret scanning service, a … Read more
Infrastructure-as-code provider Pulumi Corp. today announced four product enhancements that are designed to improve security, streamline automation and provide greater control over cloud resources. Pulumi has introduced new features to enhance cloud security and automation, including automated secrets rotation, secure GitHub Actions integration and granular role-based access controls. The company has also expanded its policy-as-code capabilities to … Read more
from the clownshow dept In Mike’s thorough post yesterday on the topic of the Trump administration’s naked contempt for judicial oversight, the main theme and takeaway from it was a simple one: this authoritarian regime would much rather waste everyone’s time trying to play procedural and semantic games with the courts than actually participate in … Read more
Widening impact assessment The tj-actions developers had previously reported they could not determine exactly how attackers gained access to their GitHub personal access token. This new finding from Wiz provides the missing link, suggesting that the initial reviewdog compromise was the first domino in this cascading attack chain. Beyond the confirmed compromise of reviewdog/action-setup@v1, the … Read more
From left: Freightmate co-founders Jason Zhao, Bryan Lacaillade, and Rishab Gadroo. (Freightmate Photo) A new lawsuit filed by logistics giant Flexport alleges that two of its former employees stole thousands of confidential files before leaving and launching their own Seattle-area startup. Freightmate CEO Bryan Lacaillade and CTO Yingwei (Jason) Zhao are named as defendants in the … Read more
A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit … Read more
Open-source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer account, in the latest open-source supply-chain attack to roil the Internet. The corrupted package, tj-actions/changed-files, is part of tj-actions, a collection of files that’s used by more than … Read more
Meta (META) , which owns popular social media platforms Facebook and Instagram, is sick of having confidential company information leaked to the public. Over the past few weeks, Meta has faced controversy over how it conducted its first round of job cuts this year, which involves firing 5% of its workforce, with a focus on … Read more
Will these secure crypto coins shape the next era of the crypto industry? Bybit released a forensic report detailing the $1.5 billion security breach. Security firm Sygnia found that a malicious JavaScript was injected into Safe{Wallet}’s AWS S3 bucket, altering transactions. This unfortunate incident is another reminder to only trust safe and reputable platforms and … Read more
Ever wondered what trading volume really means and how it can supercharge your market analysis? 🤔💡 Check out our latest article: “Trading Volume Explained: What It Is and How to Analyse It” 🔎📈 ✅ Learn why volume matters in trading✅ Discover how to spot market trends early✅ Master key volume indicators for smarter decisions 📖 … Read more