malicious GitHub Action

From Security Week – Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack

[[{"value":"Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack. The post Compromised SpotBugs Token Led to GitHub Actions Supply…

shaikh Saqib April 4, 2025

Vulnerabilities

From Cybersecurity Help – GitHub action compromise exposes secret tokens in build logs

The attack, which occurred sometime before March 14, 2025, involved a threat actor modifying the code of the tj-actions/changed-files GitHub Action. Read More

shaikh Saqib March 17, 2025

News

From The Hacker News – GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all

shaikh Saqib March 17, 2025

News

From Security Week – Popular GitHub Action Targeted in Supply Chain Attack

[[{"value":"The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first…

shaikh Saqib March 17, 2025