Security Feed
  1. Archives

Mar 17 2025 Supply chain attack on popular GitHub Action exposes CI/CD secrets

Source

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [...]

Posted by Bill Toulas on Mon 17 March 2025 in BleepingComputer.

Tags: Security.

Categories

  1. Ars Technica
  2. AWS Security
  3. BleepingComputer
  4. Brian Krebs
  5. Bruce Schneier
  6. GCP Security
  7. Google Project Zero
  8. The Daily Swig
  9. The Guardian
  10. The Register
  11. Threatpost

Tag cloud

  • Security
  • Uncategorized
  • Security Blog
  • Security, Identity, & Compliance
  • Biz & IT
  • Security & Identity
  • Microsoft
  • Google
  • Foundational (100)
  • Announcements
  • CryptoCurrency
  • Technical How-to
  • Artificial Intelligence
  • A Little Sunshine
  • Legal
  • Apple
  • Intermediate (200)
  • squid
  • Hacking
  • Advanced (300)
  • Data and computer security
  • Mobile
  • Privacy
  • Healthcare
  • Software

Security Feed. Powered by Pelican and m.css. Code is available on GitLab.