A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.
A single threat actor - TeamPCP - compromised a chain of widely-used open source tools: Trivy, KICS, LiteLLM, and Telnyx. This post looks at the campaign and explores the question: once you've pinned your actions and hardened your runners, what actually detects credential exfiltration from a compromised CI/CD pipeline?
In order to harden our infrastructure and pipelines, we have introduced the open source tool Zizmor into our CI/CD pipelines.
Open source components are getting compromised a lot more often. I did some counting, with a combination of searching, memory, and AI assistance, and we had two in 2026-Q1 ( trivy, axios), after four in 2025 ( shai-hulud, glassworm, nx, tj-actions), and very few historically [1]: Earlier attacks were generally compromises of single projects, but some time around Shai-Hulud in 2025-11 there sta
In order to harden our infrastructure and pipelines, we have introduced the open source tool Zizmor into our CI/CD pipelines.
We have recently been informed by Wiz Research of a supply chain attack targeting the reviewdog/action-setup@v1 GitHub Action. This attack potentially led to the compromise of additional actions, n...
Anne Robinson would like a word with .github/workflows
GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, no transitive pinning