Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,"

Mar 25, 2025 - 12:19

0 2

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,"

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorizati...

What's Your Reaction?

Dislike

Love

Funny

Angry

Sad

Wow

Microsoft Adds Inline Data Protection to Edge for Busin...

Mar 25, 2025 0 1

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in ...

Mar 25, 2025 0 3

Outsmarting Cyber Threats with Attack Graphs

Mar 7, 2025 0 5

China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Gl...

Mar 25, 2025 0 2

VSCode Marketplace Removes Two Extensions Deploying Ear...

Mar 25, 2025 0 2

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi...

Mar 25, 2025 0 1

Comments

Ce site utilise des cookies pour améliorer votre expérience de navigation. En continuant à utiliser ce site, vous consentez à l'utilisation de cookies. Veuillez consulter notre politique de confidentialité pour plus d'informations sur la façon dont nous traitons vos données.

NewJeans announce hiatus after setback in cou...

Disney's Snow White underwhelms at box office

Blue Peter will lose live 'magic', ex-host says

Mary Berry moved to tears by royal birthday m...

Comic Gatto denies abuse but admits 'poor jud...

L3Harris wins $90 million contract with Space...

Lockheed Martin's multi-mission radar joins p...

Marylander sued by Google, accused of fake re...

Tesla issues sweeping recall notice on Cybert...

Ceasefire talks put Ukraine's Zaporizhzhia on...

YouTube Game Cheats Spread Arcane Stealer Mal...

Ongoing Cyber Attacks Exploit Critical Vulner...

Kaspersky Links Head Mare to Twelve, Targetin...

China-Linked APT Aquatic Panda: 10-Month Camp...

10 Critical Network Pentest Findings IT Teams...

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorizati...

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

What's Your Reaction?

Recommended Posts

Popular Tags

Most Viewed Posts

Middle East latest: Israel receives remains said to inc...

A top Chinese official tours Thai-Myanmar border to hig...

U.S. charges Chinese hackers, government officials in b...

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed

What's Your Reaction?

Related Posts

Popular Posts

Recommended Posts

Popular Tags