Supply chain attack exposes login credentials of organizations

techradar.com

A supply chain attack on a popular GitHub tool has exposed sensitive login credentials from tens of thousands of organizations. The tool, tj-actions/changed-files, was compromised, allowing hackers to add malicious code that stole user secrets. GitHub confirmed that its platform was not compromised but took action by suspending accounts and removing harmful content. The company restored the account after ensuring all malicious changes were reverted. Security researchers have identified dozens of affected repositories, including those from large enterprises. Users are advised to review their GitHub Actions and inspect for any signs of compromise.

