Harry Sintonen@infosec.exchange to Cybersecurity@fedia.io · 2 months ago

The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortuitous that this malicious commit was identified fairly quickly, as further compromise of major OSS

The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortuitous that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.

  • https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
  • https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/

#infosec #cybersecurity

  • Wary Jerry@infosec.exchange · 2 months ago

    @harrysintonen@infosec.exchange the second and third order impacts of this could get interesting

    • Harry Sintonen@infosec.exchange (OP) · 2 months ago

      @jerry It largely depends on how well the initial impact is cleaned up. I’m hoping we won’t see a ton of backdoors in various components next.
