The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...

More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed ...

CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow ...

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

CVE-2025-30066 supply chain attack compromised tj-actions on March 14, 2025, exposing 218 repositories and leaking credentials.

Just a year after Alphabet was said to be trying to buy the security shop for a claimed $23 billion, Google Cloud says it has ...

StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...

A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be ...

Drawing lessons from the trials of 2025, some of the maturing methodologies behind those very considerable software supply ...