Open-Source Tool tjactions/changed-files Used to Spy on Sensitive Information in GitHub Actions CI Process

The open-source tool tjactions/changed-files was used to spy on sensitive information during the CI process with GitHub Actions. This information was then stored in the build log. The attack targeted secrets and recorded them in log files, compromising the security of projects using this tool.