Fake “Security Alert” Phishing on GitHub Hijacks Accounts

https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts

A widespread phishing campaign is targeting GitHub users with fake “Security Alert” issues, attempting to trick them into authorizing a...

Widely Used GitHub Action Compromised, Leaking Secrets

https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066

The widely used GitHub Action “tj-actions/changed-files” was compromised before March 14, 2025, injecting malicious code that leaked secrets from affected...

Secure Coding Bootcamps: From Theory to Practice

Today, we’re getting hands-on with one of the most effective ways to improve security: secure coding bootcamps. Because let’s face it – developers learn best by doing, not by watching. And if you want secure code, you need to make secure coding practical,...

Guest on SecurePod Podcast

Had the great opportunity to be on Episode One of SecureFlag’s SecurePod podcast. Had a chat with Nick Kelly on the importance of cybersecurity culture change, secure development practices, threat modeling and building security champions. We did the recording...