{"id":2401,"date":"2025-03-19T11:46:26","date_gmt":"2025-03-19T11:46:26","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2401"},"modified":"2025-03-19T11:46:26","modified_gmt":"2025-03-19T11:46:26","slug":"github-suffers-a-cascading-supply-chain-attack-compromising-ci-cd-secrets","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2401","title":{"rendered":"GitHub suffers a cascading supply chain attack compromising CI\/CD secrets"},"content":{"rendered":"<p>A cascading supply chain attack has compromised multiple GitHub Actions, exposing CI\/CD secrets across tens of thousands of repositories. The attack was first noticed in the widely used \u201ctj-actions\/changed-files\u201d action, but is now believed to have originated from an earlier breach of the \u201creviewdog\/action-setup@v1\u201d GitHub Action, according to a report.<\/p>\n<p>The\u00a0<a href=\"https:\/\/www.infoworld.com\/article\/3847178\/thousands-of-open-source-projects-at-risk-from-hack-of-github-actions-tool.html\">initial compromise of tj-actions\/changed-files<\/a>, designated as CVE-2025-30066, was discovered last week when researchers found malicious code injected into the action. 
The Cybersecurity and Infrastructure Security Agency (CISA) has\u00a0<a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/18\/supply-chain-compromise-third-party-github-action-cve-2025-30066\">officially acknowledged the issue<\/a>, noting that \u201cThis supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys.\u201d<\/p>","protected":false},"excerpt":{"rendered":"<p>A cascading supply chain attack has compromised multiple GitHub Actions, exposing CI\/CD secrets across tens of thousands of repositories. The attack was first noticed in the widely used \u201ctj-actions\/changed-files\u201d action, but is now believed to have originated from an earlier breach of the \u201creviewdog\/action-setup@v1\u201d GitHub Action, according to a report. The\u00a0initial compromise of tj-actions\/changed-files, designated 
[&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2402,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2401","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2401"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2401"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2401\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2402"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
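The article reports which actions were compromised and what kinds of secrets leaked, but not how a repository owner would find out whether their own workflows pull those actions in by a mutable reference. The following is an added example, not code from the article or from either project it names: a small Python audit that lists every third-party action a workflow references by a tag or branch rather than a full commit SHA, and separately flags the two actions the article identifies. Pinning to a commit SHA is a standard hardening step that the article itself does not discuss; the sample workflow and the watch list are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample workflow for the example; not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
      - name: Run tests
        run: npm test
      - uses: ./.github/actions/local-step
"""

# Matches `uses: owner/repo@ref`, tolerating a leading list dash, quotes and a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# A full 40-hex-character commit SHA is the only immutable reference a workflow can pin to.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Actions named in the article; treated here as a watch list (an assumption for the example).
KNOWN_COMPROMISED = {"tj-actions/changed-files", "reviewdog/action-setup"}


def parse_uses(workflow_text: str) -> List[Tuple[str, Optional[str]]]:
    """Return (target, ref) for every `uses:` line.

    Local paths (./...) and docker:// images carry no GitHub ref and are returned with ref None.
    """
    found: List[Tuple[str, Optional[str]]] = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("./") or target.startswith("docker://"):
            found.append((target, None))
            continue
        action, _, ref = target.partition("@")
        found.append((action, ref or None))
    return found


def is_sha_pinned(ref: Optional[str]) -> bool:
    """True only for a full lowercase 40-hex commit SHA; tags and branches are mutable."""
    return ref is not None and SHA_RE.match(ref) is not None


def audit(workflow_text: str) -> Dict[str, List[str]]:
    """Report actions pulled by a mutable ref and any that are on the watch list."""
    unpinned: List[str] = []
    compromised: List[str] = []
    for action, ref in parse_uses(workflow_text):
        if ref is None:
            continue  # local or docker reference: no GitHub tag that could be retargeted
        label = f"{action}@{ref}"
        if not is_sha_pinned(ref):
            unpinned.append(label)
        # `uses:` may address a subdirectory (owner/repo/path); compare on owner/repo only.
        repo = "/".join(action.split("/")[:2])
        if repo in KNOWN_COMPROMISED:
            compromised.append(label)
    return {"unpinned": unpinned, "known_compromised": compromised}


if __name__ == "__main__":
    report = audit(SAMPLE_WORKFLOW)
    for entry in report["unpinned"]:
        print(f"mutable ref: {entry}")
    for entry in report["known_compromised"]:
        print(f"watch-listed action: {entry}")
```

Two caveats apply when acting on the report. A SHA pin only protects against a tag or branch being moved later; it does nothing if the pinned commit is already malicious, so the pinned revision still has to be one you have reviewed. And a pinned action's own `uses:` lines are a separate trust decision: the article's "cascading" describes exactly that, one action's compromise reaching another through its dependency, so the audit has to be applied to the actions you depend on as well as to your own workflows.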