Github Tj Actions Changed Files Github Action To Retrieve All StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes in open source projects, noting that more than 23,000 GitHub A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories The attack, which originally
Github Tj Actions Changed Files Github Action To Retrieve All A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories As investigators dig deeper tj-actions/changed-files Large enterprises scramble after supply-chain attack spills their secrets tj-actions/changed-files corrupted to run credential-stealing memory scraper Unit 42 and Wiz's reports confirm that the campaign was initially highly focused on Coinbase and expanded to all projects utilizing tj-actions/changed-files once their initial attempt failed As tj-actions/eslint-changed-files utilizes the reviewdog/action-setup action, it is believed that the compromised action was used to dump tj-action's personal access token and steal it
Releases Tj Actions Changed Files Github Unit 42 and Wiz's reports confirm that the campaign was initially highly focused on Coinbase and expanded to all projects utilizing tj-actions/changed-files once their initial attempt failed As tj-actions/eslint-changed-files utilizes the reviewdog/action-setup action, it is believed that the compromised action was used to dump tj-action's personal access token and steal it That warning came after researchers at StepSecurity found that all versions of the tj-actions/changed-files utility up to 4507 had been modified by a threat actor on March 14
Comments are closed.