A critical security incident involving the tj-actions/changed-files GitHub Action has been reported.
The changed-files action, which allows GitHub repositories to track file changes, has been tampered with to allow the exposure through GitHub Actions build logs of CI/CD secrets, including passwords, tokens, API keys, PII and other sensitive data that have been embedded within software code. Workflow logs that are made publicly accessible, such as those for public repositories, could allow attackers to obtain exposed secrets for further malicious actions. The issue is tracked as a high-severity vulnerability under CVE-2025-30066.
Read more…
Source: NHS Digital
Related:
- Patch Tuesday – November 2025
November 11, 2025
Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely ...
- LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
November 7, 2025
Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple ...
- Cisco Releases Security Updates for Unified CCX
November 6, 2025
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...
- Washington Post says it is among victims of cyber breach tied to Oracle software
November 6, 2025
The Washington Post said it is among victims of a sweeping cyber breach tied to Oracle software. In a statement released on Thursday, the newspaper said it was one of those impacted “by the breach of the Oracle E-Business Suite platform.” The paper did not provide further detail, but its statement comes after CL0P, the notorious ...
- Apple patches 50 security flaws – update now
November 5, 2025
Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, Safari, and Xcode, fixing nearly 50 security flaws. Some of these bugs could let cybercriminals see your private data, take control of parts of your device, or break key security protections. Installing these updates as soon as possible keeps your personal information—and everything ...
- Operation South Star: 0-day Espionage Campaign Targeting Domestic Mobile Phones
November 4, 2025
In recent years, during high-intensity confrontations with Advanced Persistent Threat (APT) groups from the Northeast Asia region, the RedDrip team at QiAnXin Threat Intelligence Center has discovered nearly 20 0day vulnerabilities involving domestic software. Some details have been disclosed in our public reports such as Operation DevilTiger, Operation ShadowTiger, and XSS 0day+Clickonce. In reality, 0day activities ...