Mar 17, 2025 • Wiz Security Research
New GitHub Action supply chain attack: reviewdog/action-setup
Executive Summary
Wiz Research has identified a significant supply chain compromise affecting GitHub Actions, specifically targeting the tj-actions/changed-files repository. This incident resulted in the leakage of secrets across numerous repositories over a recent weekend. Further investigation revealed a linked attack on reviewdog/action-setup@v1, which potentially facilitated the initial compromise of the former action. This campaign highlights the critical risks associated with third-party dependencies in CI/CD pipelines, where malicious modifications can lead to widespread credential theft and unauthorized access. Organizations using these specific actions are urged to immediately rotate all exposed secrets and thoroughly audit their workflow dependencies for signs of compromise. Security teams should pin action versions to full commit SHA hashes and strengthen monitoring for anomalous behavior in development environments, both to mitigate future supply chain intrusions and to protect sensitive intellectual property from exfiltration.
Summary
A supply chain attack on tj-actions/changed-files caused many repositories to leak their secrets over the weekend. Wiz Research has discovered an additional supply chain attack on reviewdog/action-setup@v1, which may have contributed to the compromise of tj-actions/changed-files.
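As an added example (not code from the Wiz post), a small Python audit that applies the two recommendations above to a workflow file: it flags every third-party `uses:` reference that is not pinned to a full 40-character commit SHA, and separately calls out the two actions named in this advisory so their secrets can be rotated. The sample workflow, including the SHA in it, is constructed for illustration.

```python
import re

# Constructed sample workflow: one SHA-pinned action, one local action,
# one container reference, and the two actions named in the advisory.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

# Matches "- uses: owner/repo@ref" and captures everything up to whitespace/comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Actions named in the advisory; any hit is a rotate-secrets-now finding.
ADVISORY_ACTIONS = {"tj-actions/changed-files", "reviewdog/action-setup"}


def audit_workflow(text):
    """Return (repo, ref, finding) tuples for remote actions that are either
    named in the advisory or referenced by a mutable tag/branch instead of a SHA."""
    findings = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local paths and container images are not marketplace actions; skip them.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        action, _, version = ref.partition("@")
        repo = "/".join(action.split("/")[:2])  # strip any sub-path inside the repo
        if repo in ADVISORY_ACTIONS:
            findings.append((repo, version, "named in advisory: rotate secrets, audit runs"))
        elif not FULL_SHA_RE.match(version):
            findings.append((repo, version, "mutable ref: pin to a full commit SHA"))
    return findings


if __name__ == "__main__":
    for repo, version, note in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{repo}@{version or '<none>'}: {note}")
```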