Popular GitHub Action tj-actions/changed-files is compromised


Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.

And if we find more information about what tags & commits are affected, we can update the rule over time to become more precise about whether or not you could be impacted. Prioritize repos where your CI runner logs are public, as secrets are dumped to stdout in the payload.
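As an added example (not code from the original article or from Semgrep), the following sketch finds references to `tj-actions/changed-files` in workflow files and orders them for review using the prioritization above: repos with public run logs first, then references that use a tag or branch rather than a full commit SHA. The repo names, refs, SHA and the `public_logs` flag are constructed assumptions; a SHA-pinned reference still has to be compared against the affected commits once they are known.

```python
import re
from typing import NamedTuple

ACTION = "tj-actions/changed-files"  # the action named in the advisory
# `uses: tj-actions/changed-files@<ref>`, with optional list dash and quotes.
USES_RE = re.compile(
    r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?" + re.escape(ACTION) + r"@([^\s'\"#]+)",
    re.IGNORECASE | re.MULTILINE,
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


class Finding(NamedTuple):
    repo: str
    line: int
    ref: str
    mutable_ref: bool  # tag or branch name: can be moved to different code
    public_logs: bool  # assumption: caller knows whether run logs are public


def scan_workflow(repo, text, public_logs):
    """Return one Finding per reference to ACTION in a workflow file."""
    out = []
    for m in USES_RE.finditer(text):
        ref = m.group(1)
        line = text.count("\n", 0, m.start(1)) + 1
        mutable = FULL_SHA_RE.fullmatch(ref.lower()) is None
        out.append(Finding(repo, line, ref, mutable, public_logs))
    return out


def triage(findings):
    """Public-log repos first (stdout is readable by anyone), then mutable refs."""
    return sorted(findings, key=lambda f: (not f.public_logs, not f.mutable_ref, f.repo))


# Constructed sample workflows; repo names, refs and the SHA are made up.
WF_TAG = "steps:\n  - uses: actions/checkout@v4\n  - id: changed\n    uses: tj-actions/changed-files@v1\n"
WF_SHA = "steps:\n  - uses: 'tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567' # pinned\n"
WF_OFF = "steps:\n  # - uses: tj-actions/changed-files@main\n  - uses: actions/checkout@v4\n"


def scan_samples():
    found = (scan_workflow("example/private-svc", WF_TAG, False)
             + scan_workflow("example/oss-lib", WF_SHA, True)
             + scan_workflow("example/docs", WF_OFF, True))
    return triage(found)


if __name__ == "__main__":
    for f in scan_samples():
        print(f)
```
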
