SecurityX is issuing this urgent security alert to inform users of a significant supply chain attack targeting GitHub Actions, specifically "tj-actions/changed-files" and its dependency "reviewdog/action-setup". This attack initially targeted Coinbase but has since expanded, potentially exposing sensitive secrets from hundreds of repositories.
Key Findings:
•
A sophisticated supply chain attack initially targeted Coinbase, aiming to exploit the public CI/CD flow of their open-source project "agentkit". The intention was likely to leverage this for further compromises, although the attacker was unable to access Coinbase secrets or publish packages.
•
The attack involved the compromise of the GitHub Action "tj-actions/changed-files" (CVE-2025-30066, CVSS score: 8.6) to inject code that leaked sensitive secrets from repositories running the workflow.
•
Subsequently, it was discovered that the v1 tag of "reviewdog/action-setup" (CVE-2025-30154, CVSS score: 8.6), a dependency of "tj-actions/changed-files" via "tj-actions/eslint-changed-files," was also compromised with a similar malicious payload.
•
An estimated 218 GitHub repositories have been identified as having potentially exposed secrets due to this attack.
•
The leaked information includes credentials for DockerHub, npm, Amazon Web Services (AWS), as well as GitHub install access tokens. While many of these were short-lived GITHUB_TOKENs, the risk of misuse remains.
•
The breach of "reviewdog/action-setup" allowed the attacker to obtain a personal access token (PAT) associated with "tj-actions/changed-files," enabling them to modify the repository and push malicious code, impacting all dependent repositories. This PAT belonged to the tj-bot-actions GitHub user account.
•
The attacker is suspected to have gained unauthorized access to a token with write access to the reviewdog organization to make the malicious alterations, although the exact method is currently unknown.
•
The attacker employed sophisticated techniques to conceal their activity, including leveraging dangling commits, creating multiple temporary GitHub user accounts, and obfuscating workflow logs.
•
Two other GitHub accounts, "2ft2dKo28UazTZ" and "mmvojwip," which forked Coinbase-related repositories and modified the "changelog.yml" file in the agentkit repository to point to the malicious "tj-actions/changed-files" version, have since been deleted.
•
The payloads used in the initial targeted attack on Coinbase and the subsequent widespread attack differed, indicating an attempt by the attacker to remain undetected. The wider attack involved dumping the runner's memory and printing secrets to workflow logs.
•
The initial targeting of Coinbase involved specifically fetching the GITHUB_TOKEN and ensuring the payload only executed for Coinbase repositories.
•
While the ultimate goal is unknown, financial gain, potentially through cryptocurrency theft, is strongly suspected given the focus on Coinbase.
•
One theory suggests the attacker broadened their scope after realizing they couldn't fully compromise Coinbase and fearing the loss of access to the "tj-actions/changed-files" action after Coinbase detected and mitigated the initial attack
Recommendations:
Immediately review your GitHub Actions workflows for any usage of "tj-actions/changed-files" and "reviewdog/action-setup", especially the v1 tag.
Inspect your CI/CD logs from around March 14, 2025, for any suspicious activity or exposed secrets.
Rotate any potentially compromised secrets, including DockerHub, npm, AWS credentials, and GitHub install access tokens
Revoke and regenerate any personal access tokens (PATs) that may have been used in conjunction with the affected GitHub Actions.
Carefully audit all third-party GitHub Actions and other packages used in your projects before updating to new versions. This is a general security best practice emphasized by GitHub.
•
Monitor GitHub for any unusual activity related to your repositories, including unexpected fork pull requests or modifications to workflow files.
•
Consider adopting stricter controls over GitHub Actions permissions and secrets management to limit the potential impact of future supply chain attacks.
SecurityX emphasizes that while GitHub's systems themselves were not compromised, the exploitation of user-maintained open-source projects highlights the ongoing risks associated with supply chain security. We urge all organizations and developers to take immediate action to assess their exposure and implement the recommended security measures.
Stay vigilant and refer to official advisories from GitHub and the affected action maintainers for further updates.