Supply Chain Security · 2023

GitHub Action tj-actions/changed-files Compromised

By Assaf Morag

Security alert: The popular GitHub Action tj-actions/changed-files has been compromised, potentially affecting thousands of repositories. GitHub Actions are widely used in CI/CD pipelines, making this compromise a significant supply chain security concern.

The compromise could allow attackers to inject malicious code into software builds, creating supply chain vulnerabilities that affect downstream consumers of affected repositories.

Impact

  • Potential supply chain attack affecting thousands of repositories
  • Risk of malicious code injection into CI/CD pipelines
  • Need for immediate action to revoke compromised versions
  • Best practices for securing GitHub Actions
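As a first response step, the following added example (not from the original post) finds every workflow step that references tj-actions/changed-files and reports whether it follows a tag or branch, which can be repointed, or a full commit SHA. The sample workflow and its 40-hex value are constructed placeholders, and the split between mutable refs and full SHAs is general GitHub Actions practice assumed here, not something this post spells out.

```python
import re

# Matches a step's "uses:" reference of the form owner/repo[/path]@ref
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TARGET = "tj-actions/changed-files"  # the action named in this post


def audit_workflow(text, target=TARGET):
    """Return (line_no, ref, kind) for every step that uses `target`.

    kind is "pinned-sha" for a full 40-hex commit SHA, otherwise
    "mutable-ref" (a tag or branch whose target can be moved).
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out steps
        m = USES_RE.match(line)
        if not m or m.group(1).lower() != target:
            continue
        ref = m.group(2)
        kind = "pinned-sha" if FULL_SHA_RE.match(ref) else "mutable-ref"
        findings.append((line_no, ref, kind))
    return findings


# Constructed sample workflow (not taken from any real repository).
# The 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v1
      - name: pinned
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567 # placeholder
      # - uses: tj-actions/changed-files@main
"""

if __name__ == "__main__":
    for line_no, ref, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {TARGET}@{ref} [{kind}]")
```

A "pinned-sha" result only means the reference cannot be silently moved; the commit itself still has to be checked against the affected versions named in the upstream advisory.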