ClearDraft

Large enterprises scramble after supply-chain attack spills their secrets


“Major companies reeling from supply-chain breach exposing sensitive data”


23,000 organizations impacted by open-source supply-chain attack as attackers compromise software with credential-stealing code. Open-source security expert warns of potential risks.

Over 23,000 organizations, including large enterprises, were hit when a widely used piece of open-source software was compromised. Attackers gained access to a maintainer account and injected credential-stealing code into the package tj-actions/changed-files, a core component of tj-actions, a collection of files that many organizations rely on in GitHub Actions to streamline software development.

The attackers modified the tags that identify specific versions of tj-actions/changed-files so that the tags pointed to a file that covertly read the server's memory, searched it for credentials, and wrote them to logs where they could be harvested. As a result, many repositories that used tj-actions unknowingly exposed their secrets to anyone who could read those logs.

“The concerning aspect of these actions lies in their ability to manipulate the repository’s source code and access sensitive variables linked to a workflow,” commented HD Moore, the founder and CEO of runZero and an esteemed open-source security expert. “A cautious approach involves inspecting all source code, followed by securing a specific commit hash instead of relying on tags within the workflow, though this poses its own challenges.”
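Moore's advice to pin a workflow to a commit hash rather than a tag can be checked mechanically. The Python script below is an added example, not code from the article or from the tj-actions project: it scans GitHub Actions workflow text for `uses:` references that are not pinned to a full commit SHA, and the sample workflow (its tag names and the 40-hex SHA) is constructed for the demonstration.

```python
import re

# One "uses:" step line: optional list dash, optional quotes, then owner/repo[/path]@ref
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses_value):
    """Classify one uses: value as 'local', 'docker', 'sha' or 'mutable'.
    Only a full 40-hex commit SHA counts as pinned: a tag or branch can be
    retargeted by whoever controls the action repository, as in the article."""
    if uses_value.startswith("./"):
        return "local"      # action checked into this repo; no tag lookup happens
    if uses_value.startswith("docker://"):
        return "docker"     # image reference; pin it by digest separately
    if "@" not in uses_value:
        return "mutable"    # no ref at all resolves to the default branch
    ref = uses_value.rsplit("@", 1)[1]
    return "sha" if FULL_SHA_RE.match(ref) else "mutable"


def find_unpinned(workflow_text):
    """Return [(line_no, uses_value)] for every action not pinned to a full SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and classify_ref(match.group(1)) == "mutable":
            findings.append((line_no, match.group(1)))
    return findings


# Constructed sample workflow: the 40-hex SHA below is a placeholder, not a
# real commit of the action named.
CONSTRUCTED_WORKFLOW = """name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files (tag reference, can be retargeted)
        uses: tj-actions/changed-files@v45
      - uses: ./.github/actions/local-step
      - name: Same action pinned to an immutable commit (placeholder SHA)
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567 # v45
"""

if __name__ == "__main__":
    for line_no, value in find_unpinned(CONSTRUCTED_WORKFLOW):
        print(f"line {line_no}: {value} is not pinned to a full commit SHA")
```

Run it over the workflow files under .github/workflows of a repository; every "mutable" finding is a reference that a retargeted tag could silently swap for different code.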


Published on: 2025-03-17 02:24:00 | Author: Dan Goodin

🔗 Source

Copyright © cleardraft 2025