Tag
secrets-exposure
Safeguard articles tagged "secrets-exposure" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Software Supply Chain Security
tj-actions/changed-files GitHub Action compromise
How the tj-actions/changed-files GitHub Action compromise (CVE-2025-30066) leaked CI/CD secrets from 23,000+ repos, and how to prevent it.
Jul 3, 20266 min read
Incident Analysis
tj-actions/changed-files Compromise: What Happened
A March 2025 GitHub Action compromise rewrote every tagged version to leak secrets. Here is the timeline, attack chain, and what repos need to change.
Jan 14, 20267 min read