Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...

GitHub Action' tj-actions/changed-files' was compromised by attackers who added a malicious commit on March 14, 2025, to dump CI/CD secrets from the Runner Worker process to the repository.

As per the latest update by the developers, the attacker compromised a GitHub personal access token (PAT) used by a bot (@tj-actions-bot), which had privileged access to the tool's repository.

GitHub has since withdrawn the token. The maintainers of the project have changed the password and activated passkey authentication as protection against future attacks. Even if the maintainers ...