The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs.
“The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool forRead More

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack [email protected] (The Hacker News)
by
Tags:
