Techly NewsGet the app

Get the latest tech news

Large enterprises scramble after supply-chain attack spills their secrets


tj-actions/changed-files, corrupted to run credential-stealing memory scraper.

"The scary part of actions is that they can often modify the source code of the repository that is using them and access any secret variables associated with a workflow," HD Moore, founder and CEO of runZero and an expert in open-source security, said in an interview. Additionally, Wiz Threat Research has so far identified dozens of repositories affected by the malicious GitHub action, including repos operated by large enterprise organizations. Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.

Get the Android app

Or read this on ArsTechnica

Read more on:

Photo of secrets

secrets

Photo of large enterprises

large enterprises

Photo of chain attack

chain attack

Related news:

News photo

Facebook’s secrets, by the insider who Zuckerberg tried to silence

News photo

Anthropic CEO Says Spies Are After $100 Million AI Secrets In a 'Few Lines of Code'

News photo

Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time

« AirPods Production in India Reportedly Begins Next Month
Philippines’ GCash to Seek At Least $8 Billion IPO Valuation »