CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise

CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog.
The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

The Hacker News – ​Read More

Knocknoc Raises Seed Funding to Scale Its Just-In-Time Network Access Control...Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control SystemsCritical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control...