A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo ...
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...
Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.
According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...
Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in more than 23,000 repositories. A malicious commit was detected early Friday, ...
Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...
It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack. … StepSecurity disclosed a compromise of the popular GitHub Action tj ...