Popular GitHub Action Targeted in Supply Chain Attack

A popular GitHub Action called ‘tj-actions/changed-files’ has been compromised in a supply chain attack that apparently targeted secrets associated with continuous integration and continuous delivery (CI/CD) pipelines. Changed-files, which is actively used in over 23,000 repositories, is designed to track which files and directories a change touched. StepSecurity, a security company specializing in GitHub Actions, has seen multiple public repositories leaking secrets into build logs that anyone can read, but it noted that there is no evidence of the leaked secrets having been exfiltrated. A majority of the existing Changed-files version tags were updated to refer to the malicious commit, so workflows referencing those tags pulled in the compromised code. On March 15, GitHub removed the tj-actions/changed-files action and restored it the same day after the malicious commit was removed from all tags and branches.
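The attack worked because version tags are mutable and were repointed at the malicious commit. As an added example (not code from the article, from StepSecurity or from the action's maintainers), the following check scans a workflow file and flags every third-party `uses:` reference that is pinned to a tag or branch instead of a full 40-character commit SHA. The workflow text is constructed for this illustration and the SHA in it is a placeholder, not a real commit.

```python
import re

# Matches a step or job line such as "- uses: actions/checkout@v4" or
# "uses: owner/repo/path@<sha>  # v1"; the trailing comment is not part of the ref.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*"
    r"(?P<action>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(?:/[^@\s]+)?)@(?P<ref>[^\s#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the 40-hex value below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # pinned to SHA
      - uses: tj-actions/changed-files@v45                               # mutable tag
      - uses: ./.github/actions/local-step                               # local, no ref
      # - uses: some/old-action@main                                     # commented out
      - uses: some-org/deploy-tool@main                                  # mutable branch
"""


def find_unpinned_uses(workflow_text: str) -> list:
    """Return each `uses:` reference not pinned to a full commit SHA.

    A tag (v45) or branch (main) can be repointed at another commit by whoever
    controls the action repository; a full SHA identifies one immutable commit.
    Local actions (./path) carry no @ref and are skipped; commented lines are ignored.
    """
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue  # commented-out step, not executed
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group("action"), m.group("ref")
        if FULL_SHA_RE.match(ref):
            continue  # immutable pin, nothing to report
        findings.append({"line": lineno, "action": action, "ref": ref})
    return findings


if __name__ == "__main__":
    for f in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['action']} pinned to mutable ref '{f['ref']}'")
```

A pinned SHA only helps if it was taken from a commit you reviewed; a comment beside it recording the intended version (as in the sample) keeps later upgrades auditable.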

Read more: https://www.securityweek.com/popular-github-action-targeted-in-supply-chain-attack/