QuoLab Tech

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The?incident?involved the?tj-actions/changed-files?GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all changed files and directories. The supply chain compromise has been assigned the CVE identifier?CVE-2025-30066?(CVSS score: 8.6). The incident is said to have taken place sometime before March 14, 2025. For more details, see the full article below ? #Vulnerability #CloudSecurity #Cybersecurity #attack #malicious #leakedsecrets #threatactor #security #maliciouscode #exploitation #cyberthreat #threatintelligence #threatdetection https://lnkd.in/gng93Try

QuoLab implements data enclaves to manage investigation cases, from adversary intelligence to incident data passing by investigations or a?specific set of selectors. QuoLab will furthermore detect and concretize links between these cases over time, providing insight into the relations across threat actors or incidents. During an investigation, one might need to immediately bring further data to the case, starting by uploading a file (thus also triggering a “reaction” on it to carve out indicators) and semi-structured information. For this reason, we provide a multi-purpose parsing tool to extract information from semi-structured data sources, cross-correlate, and evaluate indicators with the graph. To sort data out, manually as well as out of analytics, a tagging taxonomy compatible with the usual go-to, such as TLP (5) or ATT&CK (2), has been implemented and can also be used to pivot within the graph model. For more details, check out our website ? https://www.quolab.com/ #cybersecurity #cyberthreat #threatintelligence #threatdetection #cyberintelligence #solutions #collectivesecurity #datasharing #cyberoperations #security #incidentresponse #Critical #killchain #DigitalForensics

OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called?r77. The activity, condemned?OBSCURE#BAT?by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is behind the campaign. The rootkit "has the ability to cloak or mask any file, registry key or task beginning with a specific prefix," security researchers Den Iuzvyk and Tim Peck?said?in a report shared with The Hacker News. "It has been targeting users by either masquerading as legitimate software downloads or via fake captcha social engineering scams." For more details, see the full article below ? #ThreatIntelligence #Malware #threatactors #mask #security #fake #engineeringscams #attack #malicious #boobytrapped #malvertising #poisoning #detection #antivirus #attackchain #execution #phishingemails https://lnkd.in/gjKCFTNA

?An example of the difference SOP can make. This is a description of how one customer was able to rapidly and comprehensively curtail a ransomware attack using QuoLab’s platform: An alert got generated from the company’s endpoint, detection and response (EDR) system, identifying two laptops as getting infected by ransomware malware. The company was positioned to make quick, deep correlations thanks to the fact that its security stack, including EDR, were tied to each other, as well as to a full slate of analytics tools via QuoLab. “They didn’t know how the entry point happened, but by putting the data into our platform, they were able, within seconds, to attribute the attack to a specific APT threat actor because of reporting coming in from certain threat intelligence feeds.” By examining the associated network and host feeds, security analysts were able to track how the malware propagated and even pinpoint how it was detonated by two users who clicked on a tainted email PDF attachment. For more details, check out our website ? https://www.quolab.com/ #cybersecurity #cyberthreat #threatintelligence #threatdetection #cyberintelligence #solutions #collectivesecurity #datasharing #cyberoperations #security #incidentresponse #Critical #killchain #DigitalForensics #malware #threatactor #ransomware #attack

URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days Microsoft on Tuesday?released?security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege escalation. The updates are in addition to?17 vulnerabilities?Microsoft addressed in its Chromium-based Edge browser since the release of?last month's Patch Tuesday update, one of which is a spoofing flaw specific to the browser (CVE-2025-26643, CVSS score: 5.4). For more details, see the full article below ? #PatchTuesday #Vulnerability #security #exploited #Microsoft #Critical #severity #executionbugs #attacker #malicious #trojan #fake #executecode #threatactor #Cybersecurity https://lnkd.in/gGzdAjyM

QuoLab merges deep analytics and intuitive workflows in a collaborative, data-centric platform. QuoLab empowers security professionals to analyze, investigate, and respond to threats within an integrated ecosystem. QuoLab Technologies is comprised of a diverse group of cyber operators, developers, and analysts devoted to building the best collaboration-focused security operations platform (SOP). For more details, check out our website ? https://www.quolab.com/ #cybersecurity #cyberthreat #threatintelligence #threatdetection #cyberintelligence #solutions #collectivesecurity #datasharing #cyberoperations #security #incidentresponse #Critical #killchain #DigitalForensics

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations Threat hunters have?shed light?on a "sophisticated and evolving malware toolkit" called?Ragnar Loader?that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss cybersecurity company PRODAFT said in a statement shared with The Hacker News. "While it's linked to the Ragnar Locker group, it's unclear if they own it or just rent it out to others. What we do know is that its developers are constantly adding new features, making it more modular and harder to detect." For more details, see the full article below ? #Threathunters #malware #cybercrime #ransomware #compromisedsystems #attackers #cybersecurity #detect #detection #execution #threatactor #cybercriminals #targeting #manipulation #injection https://lnkd.in/gkSinHqb

Happy International Women's Day!

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability?CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad?said?in a technical report published Thursday. "The attacker utilizes plugins of the publicly available?Cobalt Strike kit 'TaoWu'?for-post exploitation activities." For more details, see the full article below ? #ThreatIntelligence #Vulnerability #Threatactors #malicious #targetingorganizations #attacker #execution #victim #exploitation #hacking #infected #exposing https://lnkd.in/gVeeqxDA

The QuoLab Technologies Security Operations Platform empowers incident response professionals with a revolutionary data and information-sharing system. For more details, check out our website ? https://www.quolab.com/ #cybersecurity #cyberthreat #threatintelligence #threatdetection #cyberintelligence #solutions #collectivesecurity #datasharing #cyberoperations #security #incidentresponse #Critical #killchain