
Supply Chain Attack Targets Coinbase Open-Source Project
Supply Chain Attacks | CI/CD | Open Source | Secrets Exposure
A supply chain attack that initially targeted Coinbase's open-source project "agentkit" has been discovered. The attack used the GitHub Action "tj-actions/changed-files" to exploit the project's public CI/CD workflow, likely with the aim of further compromise. It then expanded, exposing the CI/CD secrets of 218 other repositories.
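
A defender-side check for the exposure described above, as an added example that is not part of the original article: it lists every workflow step that references the action named above and reports whether the reference is pinned to a full commit SHA or to a tag or branch name. The sample workflow, tag and SHA are constructed, and treating SHA pinning as the baseline is an assumption taken from general GitHub Actions hardening guidance, not from the article.

```python
import re

# Action named in the article.
TARGET_ACTION = "tj-actions/changed-files"

# Matches a step's `uses: owner/repo[/path]@ref`, quoted or not, with or without "- ".
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?(?P<action>[^@\s"'#]+)@(?P<ref>[^\s"'#]+)"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, target=TARGET_ACTION):
    """Return one finding per active step that references `target`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step, not executed by the runner
        m = USES_RE.match(line)
        if not m:
            continue
        # Compare on owner/repo only, ignoring any sub-path inside the repository.
        repo = "/".join(m.group("action").lower().split("/")[:2])
        if repo != target:
            continue
        ref = m.group("ref")
        pinned = bool(FULL_SHA_RE.match(ref.lower()))
        findings.append({"line": lineno, "ref": ref, "pinned_to_sha": pinned})
    return findings


# Constructed sample workflow; the tag and the SHA are placeholders, not real releases.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: list changed files
        uses: tj-actions/changed-files@v0-example
      # - uses: tj-actions/changed-files@old-example
      - uses: "tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567"
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        status = "pinned to commit SHA" if f["pinned_to_sha"] else "mutable tag or branch"
        print(f"line {f['line']}: {TARGET_ACTION}@{f['ref']} ({status})")
```

Run it over each file under `.github/workflows/` by passing the file's text to `audit_workflow`; any finding, pinned or not, marks a workflow whose secrets and run logs are worth reviewing.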