Popular GitHub Action Targeted in Supply Chain Attack

ronjor · Mar 17, 2025

By Eduard Kovacs March 17, 2025

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
Click to expand...

According to StepSecurity, a security company specializing in GitHub Actions, the incident started on March 14 and involved a threat actor modifying the Changed-files code to execute a malicious Python script designed to dump CI/CD secrets to build logs.
Click to expand...

ronjor · Mar 19, 2025

Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

Release Date March 18, 2025
A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. This has been patched in v46.0.1.
Click to expand...

ronjor · Mar 23, 2025

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

By Eduard Kovacs March 21, 2025
Several cybersecurity firms have analyzed the incident. One of them is cloud security giant Wiz (recently acquired by Google), which determined based on a lead from researcher Adnan Khan that the root cause of the incident is an action made by Reviewdog, which provides code review tools.
Click to expand...

Log in or Sign up

Popular GitHub Action Targeted in Supply Chain Attack

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Log in or Sign up

Popular GitHub Action Targeted in Supply Chain Attack

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Useful Searches