Coinbase Targeted in GitHub Actions Breach
March 24, 2025
A major GitHub Actions breach targeted Coinbase, exploiting the tj-actions/changed-files action to steal secrets. Although Coinbase claims no damage, the
Security Spotlight
Coinbase Targeted in GitHub Actions Breach
A major GitHub Actions breach targeted Coinbase, exploiting the tj-actions/changed-files action to steal secrets. Although Coinbase claims no damage, the attack highlights supply chain vulnerabilities.
CISA Says NAKIVO Backup Flaw is Actively Exploited in Attacks
CISA warns of a critical NAKIVO backup flaw, CVE-2024-48248, allowing unauthorized file access, urging organizations to patch systems promptly.
GitHub Supply Chain Attack Exposes Secrets in 218 Repositories
A GitHub Action supply chain attack exposed secrets from 218 repositories due to malicious code in tj-actions/changed-files, impacting popular projects and potentially causing further supply ...
WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug
Critical remote code execution vulnerability in WordPress plugin WP Ghost allows attackers to hijack servers. Urgent updates are required.
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
Cisco's Smart Licensing Utility vulnerabilities CVE-2024-20439 and CVE-2024-20440 are now exploited, allowing unauthorized access through a backdoor admin account.
HellCat Hacking Spree Targets Jira Servers Worldwide
HellCat hackers are exploiting compromised Jira credentials in a worldwide hacking spree, targeting companies like Ascom and Jaguar Land Rover, stealing sensitive data including source ...
RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks
RansomHub ransomware uses a new multi-function backdoor, Betruger, for enhanced attacks, streamlining the deployment process and minimizing detection.
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
MI MegaRAC BMC vulnerability (CVE-2024-54085) lets attackers remotely hijack and brick servers, impacting numerous vendors and potentially causing significant damage.
This Week In Cybersecurity: 17th March to 21st March, 2025
This week in cybersecurity reports on a range of incidents, including a major data breach at California Cryobank and a supply chain attack affecting GitHub ...
Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code
A critical vulnerability in Veeam Backup & Replication allows remote code execution, affecting various versions and posing significant security risks.
CISA Says NAKIVO Backup Flaw is Actively Exploited in Attacks
March 21, 2025
CISA warns of a critical NAKIVO backup flaw, CVE-2024-48248, allowing unauthorized file access, urging organizations to patch systems promptly.
GitHub Supply Chain Attack Exposes Secrets in 218 Repositories
March 21, 2025
A GitHub Action supply chain attack exposed secrets from 218 repositories due to malicious code in tj-actions/changed-files, impacting popular projects
WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug
March 21, 2025
Critical remote code execution vulnerability in WordPress plugin WP Ghost allows attackers to hijack servers. Urgent updates are required.
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
March 21, 2025
Cisco’s Smart Licensing Utility vulnerabilities CVE-2024-20439 and CVE-2024-20440 are now exploited, allowing unauthorized access through a backdoor admin account.
HellCat Hacking Spree Targets Jira Servers Worldwide
March 21, 2025
HellCat hackers are exploiting compromised Jira credentials in a worldwide hacking spree, targeting companies like Ascom and Jaguar Land Rover,
RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks
March 21, 2025
RansomHub ransomware uses a new multi-function backdoor, Betruger, for enhanced attacks, streamlining the deployment process and minimizing detection.
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
March 21, 2025
MI MegaRAC BMC vulnerability (CVE-2024-54085) lets attackers remotely hijack and brick servers, impacting numerous vendors and potentially causing significant damage.
This Week In Cybersecurity: 17th March to 21st March, 2025
March 21, 2025
This week in cybersecurity reports on a range of incidents, including a major data breach at California Cryobank and a
Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code
March 20, 2025
A critical vulnerability in Veeam Backup & Replication allows remote code execution, affecting various versions and posing significant security risks.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.