
GitHub Package tj-actions/changed-files Compromised in Supply Chain Attack
The package tj-actions/changed-files, used by 23,000 organizations on GitHub, has been compromised. The package, part of tj-actions, is one of many actions built for GitHub Actions, a CI/CD system that is free for public repositories. A recent update to the changed-files tool was designed to steal confidential data. This supply chain attack highlights the risks associated with widely used open-source tools.