StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed ...

CISA warns of CVE-2025-30066, a GitHub supply chain attack exposing secrets via compromised actions logs. Update ...

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially ...

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in ...

Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal Infoseccers at Google acquisition target Wiz ...

GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent ...

Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.

A popular tool for automated software updates was compromised via GitHub A piece of malicious code was added, exposing user ...

Data Exfiltration Capabilities: Well-crafted malicious rules can direct AI tools to add code that leaks sensitive information while appearing legitimate, including environment variables, database ...