The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow.
Threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow.
The tj-actions/changed-files GitHub Action is used in over 23,000 repositories, automating workflows by detecting file changes in commits or pull requests.
GitHub promptly removed the tj-actions/changed-files Action, and users are advised to update to version 46.0.1 and to review workflows from March 14-15 for unexpected output in the changed-files section.
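One way to act on the update advice, added here as an example and not code from GitHub or the tj-actions project: it scans workflow text for `uses: tj-actions/changed-files@<ref>` and classifies each reference against 46.0.1. The sample workflow, its tags and the commit hash are constructed, and accepting an optional `v` prefix on tags is an assumption.

```python
import re

ACTION = "tj-actions/changed-files"
FIXED = (46, 0, 1)  # release the article tells users to update to

# Matches "uses: tj-actions/changed-files@<ref>" as a step key or list item.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?" + re.escape(ACTION) + r"@([^\s'\"#]+)",
    re.IGNORECASE,
)

def classify(ref):
    """Return 'ok', 'outdated', 'sha' or 'floating' for one reference."""
    if re.fullmatch(r"[0-9a-f]{40}", ref, re.IGNORECASE):
        return "sha"  # fixed commit: confirm by hand that it is a trusted release
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", ref)
    if m:
        version = tuple(int(part) for part in m.groups())
        return "ok" if version >= FIXED else "outdated"
    return "floating"  # branch or major-only tag: resolves to whatever it points at

def audit(workflow_text):
    """Return (line number, ref, status) for every use of the action."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)  # commented-out steps do not match
        if m:
            findings.append((lineno, m.group(1), classify(m.group(1))))
    return findings

# Constructed sample workflow; every ref below is made up for illustration.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@v46.0.1
      - uses: tj-actions/changed-files@v40.0.0  # old pin
      # - uses: tj-actions/changed-files@main
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, ref, status in audit(SAMPLE_WORKFLOW):
        print(f"line {lineno}: @{ref} -> {status}")
```

The "ok" status only compares the version in the tag name; any repository flagged "outdated", "floating" or "sha" is a candidate for the March 14-15 workflow log review described above.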