Supply chain attack exposes login credentials of organizations

A supply chain attack on a popular GitHub tool has exposed sensitive login credentials from tens of thousands of organizations. The tool, tj-actions/changed files, was compromised, allowing hackers to add malicious code that stole user secrets. GitHub confirmed that its platform was not compromised but took action by suspending accounts and removing harmful content. The company restored the account after ensuring all malicious changes were reverted. Security researchers have identified dozens of affected repositories, including those from large enterprises. Users are advised to review their GitHub Actions and inspect for any signs of compromise.