GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.
[Security Advisory] Supply Chain Attack on reviewdog GitHub Actions during a specific time period · Issue #2079 · reviewdog/reviewdog
github.comWe have recently been informed by Wiz Research of a supply chain attack targeting the reviewdog/action-setup@v1 GitHub Action. This attack potentially led to the compromise of additional actions, n...
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 4/2)
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises
Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers.