Discovering the latest attacks and providing defensive measures to keep organizations safe
Detecting and mitigating CVE-2024-12084: rsync remote code execution
The Sysdig Threat Research Team (TRT) has discovered CVE-2025-32955, a now-patched vulnerability in Harden-Runner, one of the most popular GitHub Action CI/CD security tools. Exploiting this vulnerability allows an attacker to bypass Harden-Runner’s disable-sudo security mechanism, effectively evading detection within the continuous integration/continuous delivery (CI/CD) pipeline under certain conditions. To mitigate this risk, users are strongly advised to update to the latest version.
tj-actions/changed-files with Falco Actions
A compromise (CVE-2025-30066) was discovered in the popular GitHub Action tj-actions/changed-files on March 14, 2025. It impacted tens of thousands of repositories that use this action to track file changes. This blog will explain how Falco Actions can easily be integrated into your workflows to help detect this CI/CD attack and provide in-depth visibility.
Detecting and Mitigating IngressNightmare – CVE-2025-1974
On Monday, March 24, 2025, a set of critical vulnerabilities affecting the admission controller component of the Ingress NGINX Controller for Kubernetes was announced. In total, five vulnerabilities were announced; the most severe vulnerability, CVE-2025-1974 (CVS 9.8), may result in remote code execution (RCE). Exploitation of this vulnerability can be detected with Sysdig Secure or the Falco rule provided in this article.
The 2025 Cloud-Native Security and Usage Report
Discover key insights and trends in real-world cloud security and usage — and see how enterprises are advancing their defenses.
Rules feed
Name
Severity
Framework 1
Framework 2
Link
Long name for up to ten words “vulnerability management” test
Critical
Example text that can
Example text
Led by the industry’s most elite threat researchers
Meet with us / upcoming events
Browse all resources
2025 Cloud-Native Security and Usage Report
2024 Cloud-Native Security and Usage Report
About the team
The Sysdig Threat Research Team (TRT) are highly skilled security experts dispersed across the globe, with experience in governmental, commercial, and academic arenas. Their expertise includes offensive and defensive security operations, computer network operations, malware analysis, and beyond.
The team is well-known for introducing the 10-minute timeframe for cloud attacks, setting the 555 Benchmark for Cloud Threat Detection and Response, and uncovering novel threats like SCARLETEEL.