
Supply Chain Attack on GitHub Actions Targets Coinbase
Researchers have analyzed a cascading supply chain attack on GitHub Actions, linked to the compromise of tj-actions/changed-files and targeting the cryptocurrency platform Coinbase. The attack began with the theft of a token belonging to a SpotBugs developer. The access obtained through that stolen token allowed the attackers to compromise several projects hosted on GitHub.