GitHub Action supply chain attack exposed secrets in 218 repos

Published on: 2025-06-07 13:34:57

The compromise of the GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it: it is estimated that only 218 repositories exposed secrets due to the supply chain attack.

Despite the small number, the potential security repercussions are still significant, as some of the repositories are very popular and could be used in further supply chain attacks. That said, owners of exposed repositories must take immediate action to rotate their secrets before attackers get the chance to exploit the leakage.

GitHub supply chain attack

The GitHub Action 'tj-actions/changed-files' was compromised by attackers who added a malicious commit on March 14, 2025, to dump CI/CD secrets from the Runner Worker process to the repository. If workflow logs were set to be publicly accessible, those secrets could be accessed and read by anyone.

Subsequent investigation showed that the attack was likely made possible via another supply chain attack targeting the "reviewdog ...