In this high-alert episode of CISO Guide to Cyber Resilience, hosts Debra Baker and Isabella Otero break down two massive supply chain cybersecurity threats shaking the industry:

1️⃣ A GitHub Action compromise that leaked CI/CD secrets from over 23,000 repositories, exposing AWS keys, GitHub PATs, and more.

2️⃣ A browser extension hijack that infected over 3.2 million users, turning trusted Chrome and Firefox extensions into tools for data theft and ad injection.

💥 You’ll learn:

• What went wrong with the tj-actions/changed-files GitHub Action (CVE-2025-30066)

• Immediate mitigation steps for DevSecOps teams

• The 16 compromised extensions you must remove now

• Browser hygiene best practices to avoid future attacks

🔐 Whether you're a developer, security leader, or just trying to stay safe online, this episode delivers urgent, actionable insights to help you protect your workflows and personal data.

In this episode of CISO Guide to Cyber Resilience, hosts Debra Baker and Isabella Otero dive into two critical cybersecurity developments:

1. The December 2024 U.S. Treasury Hack – A deep dive into how state-sponsored attackers exploited a Zero-Day vulnerability, the impact on government systems, and key security lessons.
2. President Biden’s January 2025 Cybersecurity Executive Order – A breakdown of new mandates for federal agencies and private-sector vendors, including zero-trust adoption, secure software requirements, and AI-driven cybersecurity advancements.

• Proactive cybersecurity measures – The Treasury breach highlights the importance of penetration testing, secure-by-design development, and continuous monitoring.
• Vendor security accountability – Strengthening third-party assessments can prevent supply chain attacks.
• Zero-trust implementation – Federal agencies and private companies must adopt phishing-resistant authentication and robust identity management.
• Future-proofing against emerging threats – Preparing for post-quantum cryptography and AI-based cyber threats.

💡 Call to Action:
Align your security strategy with NIST guidelines, improve vendor security assessments, and invest in cutting-edge cyber resilience strategies.

🎧 Listen Now: Stay ahead of the latest cybersecurity challenges and build a resilient organization!

Key Takeaways:

In this episode of The CISO Guide to Cyber Resilience, hosts Debra Baker and Isabella Otero dive into two critical cybersecurity stories making headlines. First, they uncover a sophisticated Netflix phishing scam that’s tricking users into giving away personal and financial information. Learn how to spot and avoid this scam before it’s too late.

Next, they discuss the fallout from the Stoli Group’s recent bankruptcy filing, triggered by a devastating ransomware attack and compounded by geopolitical tensions. Discover actionable insights on how businesses can protect themselves from similar threats by enhancing cyber defenses, training employees, and preparing for unexpected external risks.

Tune in for expert advice on staying informed, staying protected, and staying cyber resilient!

✅ CISO Guide to Cyber Resilience Book: https://amzn.to/3Vt1g0o

✅ Website: https://TrustedCISO.com

✅ Download the Free Roadmap: https://bit.ly/CISO-Roadmap

✅ Linktree: https://linktr.ee/debrabaker