GitHub Action hack likely led to another in cascading supply chain attack

Published on: 2025-06-11 05:03:50

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.

Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. If those logs had been public, then the attacker would have been able to steal the secrets.

The tj-actions developers cannot pinpoint exactly how the attackers compromised a GitHub personal access token (PAT) used by a bot to perform malicious code changes.

Today, Wiz researchers think they may have found the answer in the form of cascading supply chain attacks that started with another GitHub action named "reviewdog/action-setup".

The cybersecurity firm reports that the attackers first compromised the v1 tag for the reviewdog/action-setup GitHub action and injected similar code to dump CI/CD secrets to l ...
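Both compromises described above hinged on a mutable reference: a workflow that says `uses: reviewdog/action-setup@v1` fetches whatever commit the `v1` tag points at today, so whoever can move the tag can change what runs in your CI. The standard mitigation is to pin third-party actions to a full 40-character commit SHA. The script below is an added example, not code from the article or from either project: it scans workflow text for `uses:` lines and reports any reference that is a tag, branch, or unversioned, while skipping local (`./`) and `docker://` steps. The sample workflow and the SHA in it are constructed for the demonstration.

```python
import re
from typing import List, Tuple

# A full git commit SHA: 40 lowercase hex characters. Anything else
# (a tag like v1, a branch like main) can be moved after the fact.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# A `uses:` line in a workflow or composite action. Captures the reference
# up to whitespace, a quote, or a trailing comment.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)['"]?""")


def classify_ref(ref: str) -> str:
    """Return 'pinned', 'mutable', or 'skip' for one `uses:` reference."""
    # Local composite actions and docker images are out of scope here.
    if ref.startswith(("./", "docker://")):
        return "skip"
    # No "@ref" at all resolves to the repository's default branch.
    if "@" not in ref:
        return "mutable"
    _, _, rev = ref.rpartition("@")
    return "pinned" if SHA_RE.match(rev) else "mutable"


def find_mutable_uses(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line number, reference) for every action not pinned to a SHA."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if classify_ref(ref) == "mutable":
            findings.append((lineno, ref))
    return findings


# Constructed sample workflow. The 40-hex value on the setup-node line is a
# placeholder, not a real commit of that action.
SAMPLE_WORKFLOW = """name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@main
      - uses: ./.github/actions/local-step
      - uses: actions/setup-node@1234567890abcdef1234567890abcdef12345678 # v4 (constructed SHA)
      - name: Run script
        run: echo hi
"""


if __name__ == "__main__":
    # Run over the constructed sample; point this at .github/workflows/*.yml
    # in a real repository to audit it.
    for lineno, ref in find_mutable_uses(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA")
```

Pinning to a SHA is necessary but not sufficient: an action pinned by SHA can still pull in its own dependencies by mutable tag (the cascading pattern the article describes), so the same scan is worth running against the composite `action.yml` files of the actions you depend on, not only your own workflows.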