GitHub Actions targeted again in supply chain attack
Briefly

Security experts revealed a vast supply chain attack that affected tens of thousands of GitHub repositories through GitHub Actions. The attack exploited the 'tj-actions/changed-files' workflow, allowing cybercriminals to inject harmful code and read sensitive CI/CD secrets. The breach resulted from a compromised GitHub Personal Access Token linked to the bot '@tj-actions-bot'. The attack traces back to earlier vulnerabilities in the 'reviewdog/action-setup' action, demonstrating the ongoing security challenges within the GitHub ecosystem and the risk posed by easily accessible CI log files that contain confidential data.
Security specialists at Wiz uncovered that tens of thousands of repositories were compromised due to a supply chain exploit involving GitHub Actions and a compromised personal access token.
The attack was enabled by a compromised GitHub Personal Access Token, revealing vulnerabilities in widely used GitHub Actions workflows and emphasizing the need for better security practices.
Read at Techzine Global