Supply chain vulnerabilities continue to remind us that even the most trusted tools in our development toolkit sometimes hide surprises. In this case, a popular GitHub Action—tj‑actions/changed‑files—has been compromised, exposing sensitive secrets such as access keys, GitHub Personal Access...
CISA has recently expanded its Known Exploited Vulnerabilities Catalog with two new entries that underscore the persistent threat posed by actively exploited vulnerabilities. While the vulnerabilities detailed in this update may not target Microsoft Windows directly, the implications resonate...