A significant cascading supply chain attack has led to a breach of over 23,000 GitHub repositories, exposing critical CI/CD credentials. Initially targeting the tj-actions/changed-files utility, it is believed to have originated from a prior compromise of the reviewdog/action-setup GitHub Action. The Cybersecurity and Infrastructure Security Agency (CISA) confirmed the issue and that it has been fixed in version 46.0.1. Security researchers suggest that the breach allowed attackers to extract sensitive information such as valid access keys and GitHub Personal Access Tokens (PATs), causing alarm within the development community.
CISA confirmed that a sophisticated supply chain attack targeting tj-actions/changed-files exposed sensitive CI/CD secrets in over 23,000 repositories.
The initial breach occurred through reviewdog/action-setup, allowing attackers to inject malicious code into tj-actions/changed-files, compromising credentials.
Wiz researchers highlighted that the compromise of reviewdog/action-setup created a pathway for secrets such as GitHub Personal Access Tokens to be exploited.
CISA has stated that the vulnerability, tracked as CVE-2025-30066, has been patched in version 46.0.1, and has confirmed its significant security implications.
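As an added defender-side example (not code from the page, CISA, Wiz or the affected projects), the script below audits a GitHub Actions workflow for the two actions named in this incident and for any third-party action referenced by a mutable tag or branch rather than a full commit SHA; treating a mutable ref as retargetable upstream is general guidance assumed here, not a statement from the page, and the sample workflow and the 40-hex SHA in it are constructed placeholders.

```python
import re

# Actions named on the page as part of the cascading compromise.
AFFECTED_ACTIONS = {"tj-actions/changed-files", "reviewdog/action-setup"}

# Constructed sample workflow (not from the page); the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: changed files (mutable tag)
        uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@a1b2c3d4e5f60718293a4b5c6d7e8f9012345678
      - run: echo "no action here"
"""

# Matches `uses: owner/repo[/subpath]@ref` whether or not the key starts the step.
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*([\w.-]+/[\w.-]+)(?:/[^@\s]+)?@(\S+)", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (action, ref, reason) findings for each third-party `uses:` line.
    Two checks: the action is one named in this incident (rotate the secrets
    that job could read), or the ref is a tag/branch rather than a full
    40-hex commit SHA (assumed mitigation: a mutable ref can be retargeted)."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        if action in AFFECTED_ACTIONS:
            findings.append((action, ref, "affected action: rotate secrets exposed to this job"))
        if not FULL_SHA_RE.match(ref):
            findings.append((action, ref, "not pinned to a full commit SHA"))
    return findings

def unpinned(text):
    """The set of action@ref pairs in the workflow that are not SHA-pinned."""
    return {f"{a}@{r}" for a, r, why in audit_workflow(text) if why.startswith("not pinned")}

if __name__ == "__main__":
    for action, ref, why in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{action}@{ref}: {why}")
```

Run it over each file under `.github/workflows/` to list the jobs whose secrets need rotation and the references to pin.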