Published 13 days ago • loading... • Updated 11 days ago

GitHub Action supply chain attack exposed secrets in 218 repos

A GitHub Action supply chain attack exposed secrets in 218 repositories between March 14-15, 2025, according to researchers from Endor Labs.
The Cybersecurity and Infrastructure Security Agency confirmed that the tj-actions/changed files compromise leaked secrets due to a personal access token being compromised.
Approximately 5,416 repositories referenced the targeted GitHub Action, with users advised to review their workflows and rotate secrets.
GitHub recommends users review their workflows from March 14-15 and rotate any compromised secrets to enhance security.

Insights by Ground AI

Does this summary seem wrong?

18 Articles

All

Left

Center

Right

Cybersecurity Dive

Center

GitHub Action compromise linked to previously undisclosed attack

Researchers uncovered a March 11 incident that may have led to the larger supply chain attack.

13 days ago

Read Full Article

BleepingComputer

Center

GitHub Action supply chain attack exposed secrets in 218 repos

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack.

13 days ago

Read Full Article

Horizon3.ai

GitHub Actions & Apache Tomcat CVEs: Risk or Hype?

Trendy vulnerabilities aren’t always worth the hype—panic-driven responses often lead to wasted time and resources. This is top of mind for us as we’ve researched recent issues regarding Github Actions and Apache Tomcat. Like many vulnerabilities they have the potential to be critical, but after assessing relevant data from across customers’ production environments, Horizon3.ai’s Attack Team found… Source

11 days ago

Read Full Article

Hackaday

This Week In Security: The Github Supply Chain Attack, Ransomware Decryption, And Paragon

Last Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially means aut…

11 days ago

Read Full Article

SentinelOne

When Python Is Poisoned | How Runtime Security Stops the tj-actions Attack

In the hyper-speed world of modern software development, Continuous Integration and Continuous Delivery (CI/CD) pipelines are the lifeblood of innovation. They are the automated arteries through which our code flows, transforming ideas into reality. But, what happens when a trusted component within this vital system goes rogue? On March 12, 2025, the developer community faced this nightmare as the widely adopted GitHub Action, tj-actions/changed…

12 days ago

Read Full Article

InfoWorld

Developers: apply these 10 mitigations first to prevent supply chain attacks

DevOps leaders hoping to find a single cybersecurity risk framework that will prevent their work from experiencing the kinds of compromises that lead to supply chain attacks will have a hard time, according to a new research paper. In a paper submitted to Cornell University’s arXiv site for academic manuscripts, the six researchers — four from North Carolina State University, one from Yahoo and one between positions — said they could rank the to…

12 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year