Open-source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer account, in the latest open-source supply-chain attack to roil the Internet.

https://arstechnica.com/information-technology/2025/03/supply-chain-attack-exposing-credentials-affects-23k-users-of-tj-actions/

Large enterprises scramble after supply-chain attack spills their secrets

tj-actions/changed-files corrupted to run credential-stealing memory scraper.

Ars Technica
The plot in this tj-actions supply-chain attack thickens. Another widely used GitHub Action, reviewdog/action-setup, was also tampered with, using a similar but not identical methodology. From @wiz
GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog

A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/action-setup, possibly causing the compromise.

wiz.io
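The check a practitioner would want after reading this, added here and not taken from either linked article or from the tj-actions or reviewdog projects: scan a repository's workflow files for the two actions named above and for any `uses:` reference that is pinned to a mutable tag or branch instead of a full 40-hex commit SHA, since a tag can be moved to point at a different commit while a SHA cannot. The action names come from the page; the sample workflow, its step layout and the placeholder SHA are constructed for the example.

```python
"""
Audit GitHub Actions workflow text for (a) references to the actions named in
the tj-actions / reviewdog incident and (b) any third-party action that is not
pinned to an immutable full-length commit SHA.  Pure standard library: it scans
`uses:` lines rather than parsing YAML, so it runs anywhere.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# The two actions named on this page as having been tampered with.
COMPROMISED_ACTIONS = frozenset({
    "tj-actions/changed-files",
    "reviewdog/action-setup",
})

# `uses: owner/repo[/path]@ref`, with or without a leading list dash/quotes.
# Local actions (`./...`) have no `@` and never match; docker:// refs are skipped.
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?(?P<action>[^\s@"\']+)@(?P<ref>[^\s"\']+)'
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the workflow text
    action: str    # owner/repo, with any sub-path inside the repo stripped
    ref: str       # the tag, branch or SHA after the '@'
    reason: str


def repo_of(action: str) -> str:
    """'owner/repo/sub/dir' -> 'owner/repo'."""
    return "/".join(action.split("/")[:2])


def audit_workflow(text: str) -> list[Finding]:
    """Return one Finding per problem found on each `uses:` line."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group("action"), m.group("ref")
        if action.startswith("docker://"):
            continue  # pulled by image digest/tag, not from a Git tag
        repo = repo_of(action)
        if repo in COMPROMISED_ACTIONS:
            findings.append(Finding(lineno, repo, ref,
                                    "references an action named in the incident"))
        if not FULL_SHA_RE.match(ref):
            findings.append(Finding(lineno, repo, ref,
                                    "pinned to a mutable ref, not a full commit SHA"))
    return findings


def audit_paths(paths: list[Path]) -> dict[str, list[Finding]]:
    """Audit several workflow files; keys are file names, values their findings."""
    return {str(p): audit_workflow(p.read_text()) for p in paths}


# Constructed sample workflow (not from any real repository).  The checkout
# pin is a placeholder SHA chosen only to satisfy the 40-hex check.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v45
        id: changed
      - name: lint
        uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-thing
"""


if __name__ == "__main__":
    # With file arguments, audit those; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        report = audit_paths([Path(a) for a in sys.argv[1:]])
    else:
        report = {"<sample>": audit_workflow(SAMPLE_WORKFLOW)}
    for name, findings in report.items():
        for f in findings:
            print(f"{name}:{f.line}: {f.action}@{f.ref}: {f.reason}")
```

Run it as `python audit_actions.py .github/workflows/*.yml` (file name is the user's choice). Two caveats: it only recognises `uses:` on its own line, so a flow-style mapping such as `{uses: ..., with: ...}` is missed, and a full-SHA pin only stops a tag from being silently moved; it still trusts whatever that commit contains, so the commit itself should be reviewed before pinning.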