Popular GitHub Action Targeted in Supply Chain Attack
Posted: Mon Mar 17, 2025 10:14 am
A popular GitHub Action has been compromised in a supply chain attack apparently targeting secrets associated with continuous integration and continuous delivery (CI/CD).
The targeted GitHub Action is called ‘tj-actions/changed-files’. Tj-actions provides GitHub Actions for streamlining CI/CD processes. Changed-files, which is actively used in over 23,000 repositories, is designed for tracking file and directory changes.
According to StepSecurity, a security company specializing in GitHub Actions, the incident started on March 14 and involved a threat actor modifying the Changed-files code to execute a malicious Python script designed to dump CI/CD secrets to build logs.
[...]
Popular GitHub Action Targeted in Supply Chain Attack
The targeted GitHub Action is called ‘tj-actions/changed-files’. Tj-actions provides GitHub Actions for streamlining CI/CD processes. Changed-files, which is actively used in over 23,000 repositories, is designed for tracking file and directory changes.
According to StepSecurity, a security company specializing in GitHub Actions, the incident started on March 14 and involved a threat actor modifying the Changed-files code to execute a malicious Python script designed to dump CI/CD secrets to build logs.
[...]
Popular GitHub Action Targeted in Supply Chain Attack