Coinbase was primary target of recent GitHub Actions breaches
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...]
Stay informed about the latest Github infosec updates, security breaches, and protection strategies with our comprehensive information security news.
Search across headline titles and summaries.
Background for this topic.
GitHub is a hosted software-development platform built around Git repositories. It supports public and private source-code hosting, change review through pull requests, issue tracking, automated workflows, and package distribution. Its repositories and automation are important security assets because they can contain proprietary code, deployment instructions, credentials, and the components used to build released software.
Material risks include accidentally committing secrets, exposing private repositories through misconfigured permissions, and allowing compromised dependencies or workflow actions to run in trusted build environments. Pull requests from untrusted contributors can also become an execution path when workflows handle them unsafely. Security practice includes least-privilege access, strong authentication, protected branches and required reviews, secret scanning and rapid credential revocation, and auditing workflow permissions. Repository history, dependency metadata, and commit provenance can support vulnerability management and incident investigation, but deleting a leaked secret from the latest file does not remove it from historical commits or existing clones.
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...]
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. [...]
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [...]
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. [...]