Palo Alto Networks Unit 42在一份报告中指出：“攻击载荷主要针对其开源项目agentkit的公共CI/CD流程，可能是为了利用它进行进一步的攻击。然而，攻击者未能使用Coinbase的密钥或发布软件包。” ...

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...

币界网消息, 慢雾余弦在 X 平台发文称，利用 GitHub Actions CI/CD 机制供应链攻击 Coinbase，所幸没有继续成功，否则下一个被爆的安全事件就是针对 Coinbase 了。在 GitHub ...

Large organizations among those cleaning up the mess It's not such a happy Monday for defenders wiping the sleep from their ...

GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent ...

The endgame of the recent cascading supply chain attack on GitHub was to breach Coinbase, one of the world’s most popular ...

CVE-2025-30066 supply chain attack compromised tj-actions on March 14, 2025, exposing 218 repositories and leaking credentials.

CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed ...

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.

A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow ...