Supply chain, Identity, Vulnerability Management

Thousands of GitHub repositories’ secrets exposed by supply chain compromise


More than 23,000 GitHub repositories had their secrets leaked following a high-severity supply chain compromise aimed at the GitHub Action tj-actions/changed-files, tracked as CVE-2025-30066, The Hacker News reports.

The action, which is intended to report which files changed within a repository, had its code manipulated to point at a malicious commit instead; this exposed GitHub Personal Access Tokens, Amazon Web Services access keys, private RSA keys, npm tokens, and other sensitive secrets, according to a report from StepSecurity.

The attack has since prompted a new password, passkey authentication, and least-privilege permissions to be put in place, as well as the revocation of the affected PAT.

"Going forward no PAT would be used for all projects in the tj-actions organization to prevent any risk of reoccurrence," the maintainers said, urging immediate upgrades to version 46.0.1 of the GitHub Action.

Meanwhile, Sysdig regarded the compromise as indicative of escalating supply chain attack risks against CI/CD environments.
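The mechanism above, where a tag-style reference was redirected to a malicious commit, is why a common hardening step is to reference actions by a full 40-character commit SHA rather than a mutable tag or branch. The following is an added example written for this article, not code from SC Media, StepSecurity, Sysdig or the tj-actions project: it scans a GitHub Actions workflow for `uses:` references that are not SHA-pinned (including the edge case of a reference with no `@` at all, which resolves to the action's default branch) and checks for a top-level `permissions:` block. The sample workflow, the action names in it and the SHA value are constructed for illustration.

```python
import re

# Constructed sample workflow (not from the article). One step is pinned to a
# commit SHA, two use mutable tags, one has no ref, and one is a local action.
# The SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/changed-files@v45
      - uses: example-org/no-ref-action
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
"""

# Matches a 'uses:' line and captures the reference (quotes and comments stripped).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# A full git commit SHA: exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(ref: str) -> str:
    """Classify one 'uses:' reference as sha, mutable, unpinned or local-or-docker."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return "local-or-docker"   # not fetched from a third-party repository by ref
    if "@" not in ref:
        return "unpinned"          # no ref at all: resolves to the default branch
    _, version = ref.rsplit("@", 1)
    return "sha" if SHA_RE.match(version) else "mutable"


def find_mutable_refs(workflow_text: str) -> list[str]:
    """Return every third-party action reference that is not pinned to a commit SHA."""
    flagged = []
    for line in workflow_text.splitlines():
        match = USES_RE.match(line)
        if match and classify_ref(match.group(1)) in ("mutable", "unpinned"):
            flagged.append(match.group(1))
    return flagged


def has_top_level_permissions(workflow_text: str) -> bool:
    """True if the workflow declares a top-level (unindented) permissions block."""
    return any(line.startswith("permissions:") for line in workflow_text.splitlines())


if __name__ == "__main__":
    for ref in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"not SHA-pinned: {ref}")
    if not has_top_level_permissions(SAMPLE_WORKFLOW):
        print("no top-level permissions block; GITHUB_TOKEN gets the repository default")
```

Pinning by SHA narrows the window for this kind of retargeting, but it does not replace reviewing what a new SHA actually contains before bumping it; the scanner is a line-based check intended for a pre-merge gate or periodic audit, not a full YAML parser.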
