It would appear as if Wiz may have discovered another supply-chain compromise:

https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup

The attack involved compromising the v1 tag of reviewdog/action-setup between March 11th 18:42 and 20:31 UTC. Unlike the tj-actions attack that used curl to retrieve a payload, this attack directly inserted a base64-encoded malicious payload into the install.sh file. When executed, the code dumped CI runner memory containing workflow secrets, which were then visible in logs as double-encoded base64 strings. The attack chain appears to have started with the compromise of reviewdog/action-setup, which was then used to compromise the tj-actions-bot Personal Access Token (PAT), ultimately leading to the compromise of tj-actions/changed-files. Organizations are advised to check for affected repositories using GitHub queries, examine workflow logs for evidence of compromise, rotate any leaked secrets, and implement preventive measures like pinning actions to specific commit hashes rather than version tags.

Large enterprises scramble after supply-chain attack spills their secrets

https://arstechnica.com/information-technology/2025/03/supply-chain-attack-exposing-credentials-affects-23k-users-of-tj-actions/

Consumer Groups Push New Law Fighting 'Zombie' #IoT Devices

https://yro.slashdot.org/story/25/03/17/0126204/consumer-groups-push-new-law-fighting-zombie-iot-devices

Fake "Security Alert" issues on #GitHub use #OAuth app to hijack accounts

https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/

Malicious #Adobe, #DocuSign #OAuth apps target #Microsoft365 accounts

https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/

So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX]

https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

#NymVPN is now live – here's everything you need to know

https://www.techradar.com/vpn/vpn-services/nymvpn-is-now-live-heres-everything-you-need-to-know

New #Akira #ransomware decryptor cracks encryptions keys using GPUs

https://www.bleepingcomputer.com/news/security/gpu-powered-akira-ransomware-decryptor-released-on-github/

Cyber-Attacke auf Schweizer #Spar-Gruppe: Kartenzahlung und Warenwirtschaftssystem ausgefallen. Supermärkte im Notfallmodus - mobile Geräte von SumUp als Ersatzlösung. #Cybersecurity #SparSchweiz #Schweiz https://winfuture.de/news,149628.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

#Cyberangriff auf #Aerticket dauert nach wie vor an: Schon seit dem 9.3. ist der Berliner Großhändler für Flugtickets von einem Cybervorfall betroffen und zurzeit immer noch offline. Parallel wird eine alternative Buchungsplattform online gehen, um den Grundbetrieb zu ermöglichen. Der Angriff zeigt, dass auch die Kompromittierung eines Nicht-#KRITIS-Unternehmens in der #Lieferkette KRITIS-relevante Auswirkungen auf den Betrieb des Flugverkehrs haben kann:
#cybersecurity
https://www.golem.de/news/flugticketgrosshaendler-cyberangriff-legt-buchungssystem-von-aerticket-lahm-2503-194251.html

Hallo Mastodon!

Ich bin neu hier und beschäftige mich mit #Informationssicherheit, #Datenschutz und #IT-Risikomanagement. Mein Fokus liegt auf #ISO27001, #BSIITGrundschutz und #DSGVO.

Ich betreibe das [ISMS-Ratgeber-Wiki](https://wiki.isms-ratgeber.info), eine freie Wissenssammlung für alle, die sich mit ISMS beschäftigen. Schaut gern vorbei und lasst uns austauschen!

#CyberSecurity #Informationssicherheit #ISMS #Datenschutz #ITSicherheit"

I just published the source code for my very naive #Python implementation for generating a node network based on MITRE Intrusion Sets and Techniques. It will output linked #Markdown files linking intrusion sets to their used techniques.

Perhaps someone finds it useful or interesting to experiment with.

Source code: https://github.com/cstromblad/markdown_node

I hinted at this in a thread started by @Viss where he asked for input on a few very likely malicious domains. Me @Viss @cR0w @neurovagrant and others did some OSINT fun work with a couple of the original domains.

It was this thread: https://mastodon.social/@Viss/114145122623079635

Now I posted a picture of a node network rendered in Obsidian and I hinted that perhaps Obsidian could be used as a poor mans version of performing threat intelligence work.

The free service from portmap.io is being abused to support malware C2 communications. If you don’t use it, I suggest blocking *.portmap.io via DNS, NGFW and/or web proxy.

#cybersecurity #threatintel

From: @ScumBots
https://infosec.exchange/@ScumBots/114167879065509347

#Coinbase #phishing #email tricks users with fake wallet migration

https://www.bleepingcomputer.com/news/security/coinbase-phishing-email-tricks-users-with-fake-wallet-migration/

#ClickFix: How to Infect Your #PC in Three Easy Steps

https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

Dramaturgie eines Milliardencoups: Erste Untersuchungsdetails zum Fall Bybit

Die Kryptobörse Bybit erlitt mit einem Wallet des Anbieters "Safe" einen Milliardendiebstahl, wohl auch durch Social Engineering.

https://www.heise.de/news/Dramaturgie-eines-Milliardencoups-Erste-Untersuchungsdetails-zum-Fall-Bybit-10316989.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Cisco #IOSXR vulnerability lets attackers crash #BGP on routers

https://www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/