A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets.
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/
