
Sophisticated Supply Chain Attack Compromises GitHub Actions
Cybersecurity, Supply Chain Attacks, CI/CD, Vulnerabilities
A cascading supply chain attack has compromised several GitHub Actions, leaking CI/CD secrets (tokens, keys and other credentials available to the workflow) into build logs across tens of thousands of repositories. The attack was initially believed to target the utility "tj-actions/changed-files", but is now suspected to have been enabled by an earlier compromise of the GitHub Action "reviewdog/action-setup@v1". According to CISA, the malicious code in tj-actions/changed-files has been removed in version 46.0.1. More than 23,000 GitHub repositories use the utility, which is what makes the incident so serious for the developer community. Two practical points follow: upgrading removes the malicious code, but any secret that was present in a workflow run that used a compromised version should be treated as exposed and rotated; and because the attacker repointed existing version tags at the malicious commit, workflows that referenced the action by a mutable tag such as @v45 picked up the compromise automatically, whereas a reference pinned to a full commit SHA would not have.
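The check a practitioner would want after reading this is an audit of their own workflow files for the two actions named above and for any action referenced by a mutable tag or branch instead of a full commit SHA. The following script is an added example, not code from the article, CISA, or either project. It uses only the standard library, scans workflow YAML with a regular expression for `uses:` lines, and runs against a constructed sample workflow embedded in the block; the action list, the sample workflow and the `actions/checkout` pin it contains are assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Actions named in the article as compromised. Any reference to them is flagged
# for review, regardless of how it is pinned.
COMPROMISED_ACTIONS = {"tj-actions/changed-files", "reviewdog/action-setup"}

# Matches "uses: owner/repo@ref", "- uses: owner/repo/sub@ref", quoted or not,
# and stops at whitespace or a trailing "# comment".
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass(frozen=True)
class Finding:
    action: str  # owner/repo, with any subpath dropped
    ref: str     # whatever follows the '@'
    reason: str  # why it was flagged


def is_pinned(ref: str) -> bool:
    """True only for a full 40-hex commit SHA; tags and branches can be moved."""
    return bool(FULL_SHA_RE.match(ref))


def audit_workflow(workflow_text: str) -> list[Finding]:
    """Return findings for every remote action reference in a workflow file."""
    findings: list[Finding] = []
    for match in USES_RE.finditer(workflow_text):
        spec = match.group(1)
        # Local actions and Docker images are not marketplace references.
        if spec.startswith("./") or spec.startswith("docker://") or "@" not in spec:
            continue
        path, ref = spec.rsplit("@", 1)
        repo = "/".join(path.split("/")[:2])
        if repo in COMPROMISED_ACTIONS:
            findings.append(Finding(repo, ref, "references an action named in the compromise"))
        if not is_pinned(ref):
            findings.append(Finding(repo, ref, "mutable ref (tag or branch), not a full commit SHA"))
    return findings


# Constructed sample workflow (assumption, for illustration only).
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # pinned
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - name: lint
        run: echo lint
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f.action}@{f.ref}: {f.reason}")
```

Run it over every file under `.github/workflows/` in each repository; the pinned `actions/checkout` line produces nothing, while each of the two tag references produces two findings, one because the action is named in the incident and one because the tag is mutable. A SHA pin is only a defence against tag repointing, so the compromised-action list still matters: a SHA pin to a commit that was itself malicious would pass the pinning check.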