
GitHub Action Compromise Exposes Secrets in CI/CD Workflows
Cybersecurity researchers have reported an incident involving the GitHub Action tj-actions/changed-files, which is used in over 23,000 repositories to track and retrieve modified files in CI/CD workflows. The action was compromised so that it discloses secrets from repositories that use it in their continuous integration and continuous delivery (CI/CD) workflows. The incident highlights the risks associated with popular GitHub Actions and their potential for exploitation in large-scale attacks.
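
An inventory check a defender could run after a report like this one (an added example, not part of the original article): it lists every workflow step that references tj-actions/changed-files and reports whether the ref is a full 40-character commit SHA, which cannot be repointed the way a tag or branch name can. The function names and the sample workflow are constructed for illustration.

```python
import re
from pathlib import Path

ACTION = "tj-actions/changed-files"  # the action named in the report above
# `uses: owner/repo[/path]@ref`, optionally quoted and/or a list item.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?(?P<name>[^@\s'"#]+)@(?P<ref>[^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def find_action_refs(workflow_text, action=ACTION):
    """Return (line_no, ref, pinned_to_full_sha) for each step using `action`."""
    hits = []
    for no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        # owner/repo is case-insensitive on GitHub; drop any sub-path after it
        if m and "/".join(m["name"].split("/")[:2]).lower() == action.lower():
            ref = m["ref"]
            hits.append((no, ref, FULL_SHA_RE.fullmatch(ref.lower()) is not None))
    return hits


def scan_repo(root="."):
    """Scan .github/workflows/*.yml and *.yaml under `root`; map path -> hits."""
    report = {}
    for path in sorted(Path(root).glob(".github/workflows/*.y*ml")):
        hits = find_action_refs(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      # uses: tj-actions/changed-files@v1  (commented out, ignored)
      - name: pinned
        uses: "TJ-Actions/changed-files@0123456789abcdef0123456789abcdef01234567"
"""

if __name__ == "__main__":
    for no, ref, pinned in find_action_refs(SAMPLE):
        print(f"line {no}: ref={ref} pinned_to_full_sha={pinned}")
```

Run `scan_repo()` from the root of a checked-out repository to get the same tuples per workflow file; an unpinned hit is a step whose code can change without any change to the workflow itself.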