Malicious Code Injected in reviewdog Just Hours Before tj-actions Backdoored. Just days after researchers discovered an attack that subverted a widely used tool for software development platform GitHub, they discovered a second, prior attack, as part of what one expert said may be a chain of supply chain attacks eventually leading to a specific high-value target.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/second-github-actions-supply-chain-attack-discovered-a-27751
