The Hacker News56m
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
CISA warns of CVE-2025-30066, a GitHub supply chain attack exposing secrets via compromised actions logs. Update ...
InfoWorld1d
Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially ...
Computing1d
GitHub supply-chain attack threatens 23,000 organisations
A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.
Infosecurity Magazine1d
Tj-actions Supply Chain Attack Exposes 23,000 Organizations
Over 23,000 organizations unwittingly had their secrets exposed over the weekend after threat actors managed to compromise a ...
Supply chain attack against GitHub Action triggers massive exposure of secrets
Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in ...