Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow.

A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme.

Cybersecurity researchers have warned of a malicious campaign targeting users of the PyPI repository with fake libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.

The attacks, observed in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa.

The latest activity, spotted in mid-2024, involves the use of implants that are based on TinyShell, a C-based backdoor that has been put to use by various Chinese hacking groups like Liminal Panda and Velvet Ant in the past.

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.

The vulnerability (CVE-2025-24201) has been described as an out-of-bounds write issue in the WebKit browser engine that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox.

The attack sequence entails the use of a malware dropper, a shell script ("dropbpb.sh") that's designed to fetch and execute the main binary on the target system for various system architectures such as mips, mipsel, armv5l, armv7l, and x86_64.

The CISA on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.

"The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researchers said.