GitHub supply-chain attack threatens 23,000 organisations
Attack on tj-actions has now been mitigated, but affected companies are advised to rotate credentials
A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.
GitHub Actions is a CI/CD platform that automates code testing and deployment. It supports multiple third-party actions, one of which is tj-actions, a tool designed to reduce complexity and offer additional functionality to deployers.
Last week attackers succeeded in compromising the tj-actions/changed-files module, used to track changed files and directories, by changing version tags in the repository to point to a malicious commit. That commit was designed to print secrets, such as cryptographic keys, to GitHub Actions build logs, where they can be read as plain text.
The compromised commit contained base64-encoded instructions to download Python code which would then scan the memory of the GitHub Runner for credentials. The issue is tracked as CVE-2025-30066.
The malicious commit was removed on Sunday, tj-actions maintainers say.
Maintainer jackton1 wrote: “This attack appears to have been conducted from a PAT [personal access token] token linked to @tj-actions-bot account”, adding that “GitHub is not able to determine how this PAT was compromised.”
The password for the tj-actions-bot account has been updated, authentication upgraded to use a passkey, and the account’s permissions restricted, jackton1 added.
GitHub has said there is no evidence that the platform was compromised. It temporarily removed the tj-actions/changed-files action pending an update to fix the malicious code. It has now been restored.
The issue was discovered on Friday 14th March by security vendor StepSecurity. It is thought the initial compromise to the tj-actions repository, used by almost 23,000 organisations, occurred on 12th March.
“In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit,” wrote researcher Varun Sharma.
“The compromised action prints CI/CD secrets in GitHub Actions build logs. If the workflow logs are publicly accessible (such as in public repositories), anyone could potentially read these logs and obtain exposed secrets. There is no evidence that the leaked secrets were exfiltrated to any remote network destination.”
Commenting on the supply chain attack on tj-actions, Michael Clark, director of threat research at security vendor Sysdig, said: “The compromise of the tj-actions/changed-files GitHub Action highlights the growing risk of supply chain attacks in CI/CD environments.”
He continued: “For public repositories, projects that used the compromised version of tj-actions/changed-files between March 12, 2025, 00:00 and March 15, 2025, 12:00 UTC are at high risk. In these cases, sensitive credentials may have been exposed via public logs.
“For private repositories, although the exposure risk is slightly lower, any private repository using the affected action should treat its secrets as potentially compromised.”
Organisations are advised to identify affected repositories and rotate secrets on any affected repos as a matter of urgency, starting with public ones where the risk of unauthorised access to secrets is greater.
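The remediation advice above starts with finding which workflows reference the action, and the attack worked by retargeting mutable version tags, so a useful first check is whether each reference is pinned to an immutable commit SHA or to a tag. The following Python script is added here as an example and is not part of the article nor tooling from tj-actions, GitHub or StepSecurity; it scans workflow text for `uses:` references and classifies each one. The sample workflow, its tag names and the 40-character SHA are constructed placeholders.

```python
import re

# Matches a `uses:` step reference in a GitHub Actions workflow file:
#   uses: owner/repo[/subpath]@ref
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+)(/[^@\s"\']*)?@([^\s"\'#]+)',
    re.M,
)
# A full 40-hex commit SHA is immutable; a tag or branch name can be retargeted.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')

def audit_workflow(text, targets=("tj-actions/changed-files",)):
    """Return (action, ref, status) for each `uses:` reference in `text`.

    status is 'pinned' when ref is a full commit SHA and 'mutable' when it is
    a tag or branch. Only actions listed in `targets` are reported; pass
    targets=None to report every reference in the workflow.
    """
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(3)
        if targets is not None and action not in targets:
            continue
        status = "pinned" if FULL_SHA_RE.match(ref) else "mutable"
        findings.append((action, ref, status))
    return findings

def needs_attention(findings):
    """Findings whose ref could have been retargeted, i.e. not SHA-pinned."""
    return [f for f in findings if f[2] == "mutable"]

# Constructed sample workflow; the tag names and SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: List changed files (tag reference, retargetable)
        uses: tj-actions/changed-files@v45
      - name: List changed files (SHA-pinned reference)
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for action, ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{status:8} {action}@{ref}")
```

A real audit would run `audit_workflow` over every file under `.github/workflows/` in each repository; a SHA-pinned reference still needs the pinned commit itself to be checked against the project's known-good history.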
The incident is just the latest in a series of recent software supply chain attacks involving GitHub.
Last week a large-scale malvertising campaign using GitHub as a primary attack vector was found to have infected nearly one million devices worldwide.
In February a North Korean hacking group was found to be adding malicious JavaScript code to GitHub and npm repositories to steal cryptocurrency.