Attack via GitHub action tool spied out secrets and stored them in log file
The open source tool tjactions/changed-files searched for sensitive information in the CI process with GitHub Actions and ...
Security Boulevard14h
GitHub Action Supply Chain Breach Exposes Non-Human Identity Risks in CI/CD
Long-lived credentials and secrets fueled the attack. The post GitHub Action Supply Chain Breach Exposes Non-Human Identity Risks in CI/CD appeared first on Aembit.
CPO Magazine18h
Compromise of Popular Tool Leads to Supply Chain Attack on Over 23,000 GitHub Repositories
A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be ...
InfoWorld17h
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
The Hacker News22h
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
CISA warns of CVE-2025-30066, a GitHub supply chain attack exposing secrets via compromised actions logs. Update ...