In this episode, we unpack a major supply chain attack that compromised the widely used GitHub Action ‘tj-actions/changed-files’, affecting over 23,000 repositories. Attackers injected malicious code that exposed CI/CD secrets in build logs, creating a potential goldmine for further attacks.
We’ll break down:
🔹 How the attack happened – The use of a compromised GitHub Personal Access Token (PAT).
🔹 The impact – CI/CD secrets dumped in plaintext inside workflow logs.
🔹 Why this attack is different – No data exfiltration, just public exposure.
🔹 GitHub’s response – The compromised code was removed, and a CVE was assigned.
🔹 Lessons for DevOps teams – Best practices to secure CI/CD pipelines.
This attack underscores the growing threat of supply chain vulnerabilities in software development. We’ll explore what went wrong, how you can protect your repositories, and why pinning dependencies to commit hashes is critical.
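To make the "pin to commit hashes" point concrete, here is an added example (not code from the episode, the podcast, or the tj-actions project) that scans a GitHub Actions workflow for `uses:` references and separates those pinned to a full 40-character commit SHA from those that reference a mutable tag or branch. The workflow text and the SHA in it are constructed placeholders, not values from the incident; the only thing the check relies on is that a full-length hexadecimal SHA is immutable while a tag such as `@v45` can be moved by whoever controls the action's repository.

```python
import re

# Constructed sample workflow for the demo. The SHA below is a placeholder,
# not a real commit from any of the actions named.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - run: npm test
"""

# Matches the reference after "uses:", with or without quotes, and stops at
# whitespace or an inline "#" comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"#\s]+)", re.MULTILINE)
# A full-length commit SHA is the only reference GitHub treats as immutable.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text):
    """Return (unpinned, pinned) lists of 'uses:' references.

    Local (./path) and container (docker://) references are skipped because
    they are not resolved against a third-party Git repository's tags.
    """
    unpinned, pinned = [], []
    for match in USES_RE.finditer(workflow_text):
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            # No version at all: resolves to the default branch, so mutable.
            unpinned.append(ref)
            continue
        _, version = ref.rsplit("@", 1)
        if SHA_RE.match(version):
            pinned.append(ref)
        else:
            unpinned.append(ref)
    return unpinned, pinned


if __name__ == "__main__":
    unpinned, pinned = find_unpinned_actions(SAMPLE_WORKFLOW)
    for ref in unpinned:
        print(f"UNPINNED (tag or branch, can be retargeted): {ref}")
    for ref in pinned:
        print(f"pinned to commit SHA: {ref}")
```

Run it against each file under `.github/workflows/` as a pre-merge check; anything reported as unpinned should be replaced with the full commit SHA of the release you reviewed, keeping the tag as a trailing comment so the reference stays readable.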
If your organization uses GitHub Actions, this is a wake-up call. Don’t miss this deep dive into one of the biggest CI/CD security threats of 2025.