Techly NewsGet the app

Get the latest tech news

Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos


tj-actions/changed-files

The compromised Action now executes a malicious Python script that dumps CI/CD secrets from the Runner Worker process. Note: All these tags now point to the same malicious commit hash: 0e58ed8671d6b60d0890c21b07f8835ace038e67, indicating the retroactive compromise of multiple versions.” StepSecurity Harden-Runner secures CI/CD workflows by controlling network access and monitoring activities on GitHub-hosted and self-hosted runners.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Files

Files

Photo of actions

actions

Photo of K repos

K repos

Related news:

News photo

Popular GitHub Action tj-actions/changed-files is compromised

News photo

Profitable Klarna files for a potentially blockbuster IPO

News photo

Decrypting Encrypted files from Akira Ransomware using a bunch of GPUs

« Peirce Edition Project
Top Stories: Apple Intelligence Siri Delay Sparks Concern, iOS 19 Redesign, and More »