GitHub Action tj-actions/changed-files Compromised, Allowing Attackers to Extract Secrets

The GitHub action tj-actions/changed-files has been compromised, allowing attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that malicious actors have compromised this action, used in more than 23,000 repositories, to automate workflows. This compromise resulted in the leakage of secrets from repositories using the CI/CD workflow.