The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a supply chain attack targeting GitHub Actions, specifically the tj-actions/changed-files repository. The attack has led to the exposure of sensitive information, including AWS keys and GitHub Personal Access Tokens (PATs). CISA confirmed active exploitation and has assigned the issue a Common Vulnerabilities and Exposures (CVE) identifier, CVE-2025-30066, with a CVSS score of 8.6. The attack reportedly spread through another compromised action, exposing secrets via logs. In addition, CISA has added vulnerabilities in Fortinet's FortiOS/FortiProxy and NAKIVO to its Known Exploited Vulnerabilities catalog, indicating ongoing threats in the cybersecurity landscape. Europol has also highlighted that cybercrime is evolving into a digital arms race, with AI-driven attacks becoming increasingly sophisticated and precise, targeting governments, businesses, and individuals.
Veeam fixed critical Backup & Replication flaw CVE-2025-23120: https://t.co/Rqh3pxofIl by Security Affairs
Cybercriminals Taking Advantage Of AI, 'Shadow' Alliances: https://t.co/z2DOR8zFRb by darkreading
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise https://t.co/yIAn6zyEkw