CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially ...

Stay informed with the latest in cybersecurity trends, vulnerabilities, and best practices. Don't miss out on this week's ...

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

CVE-2025-30066 supply chain attack compromised tj-actions on March 14, 2025, exposing 218 repositories and leaking credentials.

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.

A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be ...

More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.

A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow ...

According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...