
published 18 days ago

GitHub Action tj-actions/changed-files Compromised to Leak CI/CD Secrets

- Reported on March 17, a popular GitHub Action, **tj-actions/changed-files**, used in over 23,000 repositories, was compromised in a supply chain attack (CVE-2025-30066, CVSS 8.6) before March 14, 2025. Attackers modified the action's code, retroactively updated version tags so that existing tag references pointed at the malicious code, and inserted a malicious Python script that exposed CI/CD secrets in build logs, potentially leaking AWS keys, GitHub tokens, and other sensitive credentials.
- The attack stemmed from a compromised GitHub Personal Access Token (PAT) linked to **@tj-actions-bot**, which has since been revoked. GitHub has implemented security upgrades, and users are urged to update to **version 46.0.1** and review logs for anomalies. This incident highlights the growing risk of **supply chain attacks** in **open-source software** and CI/CD environments.
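Because the attackers moved existing version tags, any workflow that references the action by tag (even a fixed tag such as `46.0.1`) can silently receive different code; only a full 40-character commit SHA is immutable. The checker below is an added example, not code from the advisory or from the tj-actions project: it scans workflow text for `uses:` references that are not pinned to a full commit SHA, so affected repositories can be found in an audit. The sample workflow and the checkout SHA in it are constructed for the demonstration.

```python
import re
from typing import List, Tuple

# Matches `uses: owner/repo[/path]@ref` lines, with or without quotes around the value.
# Lines that are YAML comments (`# uses: ...`) do not match because of the anchored prefix.
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+)(?:/[^@\s"\']+)?@([^\s"\']+)',
    re.MULTILINE,
)
# A full commit SHA is 40 lowercase hex characters; anything else (tag, branch) is mutable.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_mutable_action_refs(workflow_yaml: str) -> List[Tuple[str, str]]:
    """Return (action, ref) pairs whose ref is a tag or branch rather than a commit SHA.

    A tag such as `v45` can be re-pointed by whoever controls the repository or a
    token for it, which is exactly what happened to tj-actions/changed-files.
    """
    findings = []
    for match in USES_RE.finditer(workflow_yaml):
        action, ref = match.group(1), match.group(2)
        if not FULL_SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


def changed_files_refs(workflow_yaml: str) -> List[str]:
    """Refs under which this workflow pulls tj-actions/changed-files without a SHA pin."""
    return [ref for action, ref in find_mutable_action_refs(workflow_yaml)
            if action == "tj-actions/changed-files"]


# Constructed sample workflow; the checkout SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  diff:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: tj-actions/changed-files@v45
        id: changed
      - uses: tj-actions/changed-files@main
      - uses: "tj-actions/changed-files@46.0.1"
"""

if __name__ == "__main__":
    for action, ref in find_mutable_action_refs(SAMPLE_WORKFLOW):
        print(f"mutable ref: {action}@{ref} (pin to a full commit SHA)")
```

Run it over every file under `.github/workflows/` in an audit; a reference that is pinned to a SHA is not affected by tag re-pointing, though the SHA itself should still be checked against the upstream repository's history.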