Could a Supply Chain Attack Like tj-actions/changed-files Hit GitLab CI/CD Pipelines?
What Happened?
A critical supply chain attack has impacted the GitHub Actions ecosystem, specifically targeting the widely used tj-actions/changed-files action.
This action, commonly used in CI/CD pipelines to detect modified files in pull requests, was compromised, allowing attackers to steal secrets and potentially gain control over repositories.
CVE-2025-30066 has been assigned to this incident.