See every side of every news story
Get Started
SubscribeLogin
Israel-Hamas Conflict
Pope Francis
Motorsports
NFL
Social Media
Natural Disasters
Baseball
Donald Trump
Artificial Intelligence
Premier League
Soccer
London Marathon
Vatican
Published loading...Updated

Supply-chain attack exposing credentials affects 23K users of tj-actions

  • A compromise of tj-actions/changed-files resulted in publicly accessible repositories displaying sensitive credentials in logs, which anyone could view.
  • The tj-actions team confirmed the compromise occurred after a bot account was breached, though the motivation and identity of the attackers remain unknown.
  • The compromised file copied the internal memory of servers, searched for credentials, and wrote them to a log.
  • RunZero CEO and open-source security expert HD Moore stated that actions can modify the source code and access secret variables, emphasizing the potential dangers.
  • Cybersecurity experts recommend an immediate response, including auditing repositories, rotating secrets, and finding alternatives to tj-actions/changed-files, as the compromise has been assigned CVE-2025-30066 with a high severity rating of 8.6.
Insights by Ground AI
Does this summary seem wrong?

22 Articles

All
Left
Center
4
Right
Tech RadarTech Radar
Center

Security issue in open source software leaves businesses concerned for systems

A supply chain attack attempted to expose login credentials from tens of thousands of companies.

·United Kingdom
Read Full Article
The RegisterThe Register
Center

GitHub supply chain attack spills secrets from 23K projects

: Large organizations among those cleaning up the mess

Read Full Article
BleepingComputerBleepingComputer
Reposted by
cybernoz.comcybernoz.com
Center

Supply chain attack on popular GitHub Action exposes CI/CD secrets

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs.

Read Full Article
Ars TechnicaArs Technica
Center

Supply-chain attack exposing credentials affects 23K users of tj-actions

tj-actions/changed-files, corrupted to run credential-stealing memory scraper.

·United States
Read Full Article
cisa.govcisa.gov

Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 sneary Mar 18, 2025 Release DateMarch 18, 2025 DescriptionA popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access …

Read Full Article
ChannelNewsChannelNews

Attack on GitHub's supply chain unveils the content of 23,000 projects

Any project using GitHub's tj-action/changed-files would be compromised since last week, according to cybersecurity specialist StepSecurity. However, more than 23,000 GitHub repositories currently use the automation project code. Among the development secrets likely to leak: API keys, passwords or access chips. This high vulnerability [...] The post An attack on GitHub's supply chain reveals the contents of 23,000 projects appeared first on Chan…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

Sysdig broke the news in on Saturday, March 15, 2025.
Sources are mostly out of (0)

Similar News Topics

You have read out of your 5 free daily articles.

Join us as a member to unlock exclusive access to diverse content.

News
For You
SearchBlindspotLocal