Deal or No Deal

Pre-show notes:

• Catch Leif & Misha @ BSides Seattle
• Semgrep BSides SF Pre-party 4/25
• Resourcely + C1 + Code Red – Sweat and Security (Orange Theory)

Show notes:

Popular GitHub Action tj-actions/changed-files is compromised (Will)

• https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/
• https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised

Lawsuit Alleges $12 Billion "Unicorn" Deel Cultivated Spy, Orchestrated Long-Running Trade-Secret Theft & Corporate Espionage Against Competitor (Leif)

• https://www.rippling.com/blog/lawsuit-alleges-12-billion-unicorn-deel-cultivated-spy-orchestrated-long-running-trade-secret-theft-corporate-espionage-against-competitor

Google + Wiz (Travis)

• https://www.cnbc.com/2025/03/18/google-to-acquire-cloud-security-startup-wiz-for-32-billion.html

Jaguar Land Rover Jira exploit (Travis)

• https://www.infostealers.com/article/jaguar-land-rover-breached-by-hellcat-ransomware-using-its-infostealer-playbook-then-a-second-hacker-strikes/

Russian propaganda is reportedly influencing AI chatbot results (Leif)

• https://techcrunch.com/2025/03/07/russian-propoganda-is-reportely-influencing-ai-chatbot-results
• https://www.newsguardrealitycheck.com/p/a-well-funded-moscow-based-global

ByBit/Safe (Wallet) breach breakdown by Nick Frichette (Will)

• https://x.com/Frichette_n/status/1897694172619870401
• https://x.com/safe/status/1897663514975649938