Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for …
Elastic and Tines partner to orchestrate and automate team workflows
Automate your security and observability workflows with Tines Workflow Automation, now available directly from Elastic. Elastic and Tines are unveiling an integrated product offering to transform the crucial work of security and observability teams. We’re excited to introduce Tines Workflow Automation, available directly through Elastic. This seamless package extends Elastic with …
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
Mar 22, 2025 | Ravie Lakshmanan | Financial Security / Cryptocurrency
The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and policy issues raised …
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Mar 21, 2025 | Ravie Lakshmanan | Threat Hunting / Vulnerability
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to …
Announcing the CrowdStrike 2025 Global Crowd Tour
Cybersecurity leaders today face relentless threats — breaches happen in seconds, adversaries constantly evolve, and security teams must adapt faster than ever. CrowdTour 2025 is built for you — the security professionals on the front lines who use CrowdStrike every day — coming together to learn from peers, share real-world defense strategies, and strengthen the community’s …
CrowdStrike Researchers Develop Custom XGBoost Objective
All of this means that if we want to minimize surprise FPs between model releases, we must ensure DV ordering preservation. XGBoost is flexible because its Newton-Raphson solver requires only the gradient and Hessian of the objective rather than the objective itself. By adding small perturbations to the gradient and to the Hessian, we can replace the standard XGBoost …
Hunting with Elastic Security: Detecting credential dumping with ES|QL
In the shadowy depths of your network, whispers grow louder — something isn’t right. Adversaries are on the prowl, targeting the very keys to your kingdom: your credentials. T1003 - OS Credential Dumping is their weapon of choice to steal password hashes and sensitive authentication materials. They quietly harvest secrets to impersonate users, escalate privileges, and move …
Cisco Introduces the State of AI Security Report for 2025
As one of the defining technologies of this century, artificial intelligence (AI) seems to witness daily advancements with new entrants to the field, technological breakthroughs, and creative and innovative applications. The landscape for AI security shares the same breakneck pace with streams of newly proposed legislation, novel vulnerability discoveries, and emerging threat …
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Mar 20, 2025 | Ravie Lakshmanan | Malware / Threat Analysis
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane, likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all …
Top 3 Trends in Red Team Exploitation Paths
Though 2024 may be behind us, many of the security threats and vulnerabilities that organizations faced last year remain. The CrowdStrike Professional Services Red Team tracks them all in its efforts to defend organizations against adversaries. The three most common exploitation paths we encountered were: Unsecured Credentials: Weak or exposed credentials remain one …