Security problem in open source software leaves companies concerned about their systems




  • A popular tool for automated software updates was compromised through GitHub
  • A piece of malicious code was added, exposing users' secrets
  • Dozens of organizations have already been harmed, the researchers said

Tens of thousands of organizations, from SMBs to large companies, ran the risk of inadvertently exposing internal secrets after a supply chain attack hit a GitHub account.

A threat actor compromised the GitHub account of the person(s) who maintain tj-actions/changed-files, a tool that is part of a larger collection called tj-actions, which helps automate software updates and, according to reports, is used by more than 23,000 organizations.
