scribe: "Wow, github action suppy chain…" - Mastodon @ SDF

scribe @scribe@mastodon.sdf.org

Wow, github action suppy chain attack based on a compromised, re-pointed version number.

Check yourself if you're reliant on tj-actions/changed-files.

https://www.infoworld.com/article/3849245/github-suffers-a-cascading-supply-chain-attack-compromising-ci-cd-secrets.html

#security #github

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

CISA confirms cascading attack from reviewdog to tj-actions…

Mar 20, 2025, 16:49 · · Web · 1 · 1

Drag & drop to upload