cve-2025-30066
Safeguard articles tagged "cve-2025-30066" — guides, analysis, and best practices for software supply chain and application security.
4 articles
tj-actions/changed-files GitHub Action compromise
How the tj-actions/changed-files GitHub Action compromise (CVE-2025-30066) leaked CI/CD secrets from 23,000+ repos, and how to prevent it.
tj-actions Supply Chain Attack March 2025: A Postmortem
The tj-actions/changed-files compromise exposed CI secrets across thousands of public repositories. A postmortem on the attack chain and the GitHub Actions trust model.
tj-actions Compromise: One Year Retrospective
A year after the tj-actions/changed-files compromise leaked CI secrets across thousands of GitHub repos, what did we fix and what is still dangerously convenient?
The tj-actions/changed-files GitHub Action Supply Chain C...
CVE-2025-30066 exposed how a compromised tj-actions/changed-files GitHub Action leaked CI/CD secrets into build logs across 23,000+ repos. Timeline, impact, and fixes.