CramHacks Chronicles #76: Weekly Cybersecurity Newsletter!
Silicon Valley Spies, malicious GH actions, Wiz acquired for $32B, EPSSv4, lots more drama!
Hello, and Happy Monday!
Today, I am speedrunning writing a newsletter. On average, I spend about 15 hours each week reviewing content and writing summaries. But this week, I am cramming.
Alphabet (Google) to buy Wiz for $32 billion
👋 This feels so wrong for so many reasons. My takeaway is that Google must have internally accepted that it cannot build a competitive security product, and this is a Hail Mary attempt at having some success. I’ve seen some VC folks justifying the price. I think $32B is crazy, and I believe those justifying it are crazy, and whatever math they’re using belongs on the back of a napkin.
But I can also accept that I may be the one who’s crazy. Something is valued at whatever someone else is willing to pay, so based on that, I’m wrong 😆.
Harden-Runner detection: tj-actions/changed-files action is compromised
The tj-actions/changed-files GitHub Action, used by more than 20,000 public repositories, was compromised. The actor injected code into the action, executing a malicious Python script hosted via GitHub Gist. Upon execution, the script dumped CD secrets from the Runner Worker process.
👋 The secrets were not exfiltrated, meaning private repositories are fortunate to have only exposed secrets to those with access. This is just the tl;dr; the full details get a bit wild, and there’s still some ongoing investigation.
Following this incident, my friends at boostsecurity.io published Escalating Threats in Build Pipelines Security, which speaks well to some known gaps and frankly states that this won’t be the last of this type of incident.
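One concrete check a repository owner can run after an incident like the tj-actions/changed-files compromise is to find every workflow step that references a third-party action by a tag or branch name instead of a full commit SHA: a tag or branch can be moved to a different commit, while a 40-hex SHA pin cannot. The script below is an added example, not code from the newsletter, from StepSecurity/Harden-Runner, or from boostsecurity.io. It uses a simple line-based regex rather than a YAML parser, so it assumes the common one-`uses:`-per-line layout, and the workflow text and the 40-hex SHA in it are constructed placeholders, not real repositories or commits.

```python
import re
from typing import List, Tuple

# Constructed sample workflow, not taken from the page or any real repository.
# The 40-hex SHA below is a made-up placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
        with:
          files: src/**
      - uses: actions/setup-python@a1b2c3d4e5f60718293a4b5c6d7e8f9012345678
      - uses: ./.github/actions/local-step
      - uses: some-org/some-action@main
      - uses: docker://alpine:3.19
"""

# Matches "- uses: value" or "uses: value", stopping at whitespace, quotes or a comment.
_USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# A full commit SHA is exactly 40 hex characters; anything shorter is a tag/branch.
_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def classify_uses(value: str) -> str:
    """Classify a single `uses:` value.

    Returns one of:
      'local'   - a path inside the repository (./...), nothing to pin
      'docker'  - docker:// image reference, pinned via image digests, skipped here
      'sha'     - pinned to a full 40-hex commit SHA (immutable)
      'mutable' - tag or branch name, which whoever controls the upstream repo
                  can retarget to a different commit
      'missing' - no @ref at all; flagged so it is not silently ignored
    """
    if value.startswith("./"):
        return "local"
    if value.startswith("docker://"):
        return "docker"
    if "@" not in value:
        return "missing"
    ref = value.rsplit("@", 1)[1]
    return "sha" if _SHA_RE.match(ref) else "mutable"


def find_unpinned_uses(workflow_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, uses_value, classification) for every third-party
    action reference that is not an immutable SHA pin."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = _USES_RE.match(line)
        if not m:
            continue
        value = m.group(1)
        kind = classify_uses(value)
        if kind in ("mutable", "missing"):
            findings.append((line_no, value, kind))
    return findings


if __name__ == "__main__":
    # Running against the constructed sample reports the three mutable references.
    for line_no, value, kind in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {value} ({kind})")
```

Pinning to a SHA only freezes which commit runs; it does not vouch for that commit's contents, so a pin still needs to be reviewed when it is first set and whenever an update tool bumps it. Runtime egress monitoring of the kind Harden-Runner provides complements the pin by catching what the pinned code actually does.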
Introducing EPSS Version 4
Jay Jacobs explains the history of EPSS and what makes EPSSv4 better than prior iterations. This latest version prioritizes improving data ingestion and ingesting from more sources.
OpenSSF Policy Summit DC 2025 Recap
A recap of the recent summit hosted in DC; the article includes links to breakout session notes for AI & Open Source Security, Open Source Best Practices, Regulatory Harmonization, and Repository & Package Supply Chain Security.
Drama 🌶️
Lawsuit Alleges Deel Cultivated Spy, Orchestrated Long-Running Trade-Secret Theft & Corporate Espionage Against Competitor
👋 Yes, this is the same Deel that technically sponsored today’s newsletter 🤣.
Until Next Time! 👋
Hey, you made it to the bottom – thanks for sticking around!
Questions, ideas, or want to chat? Slide into my inbox! 💌
Don’t hesitate to forward if someone could benefit from this.
See you next Monday!
-Kyle
P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.