Coinbase targeted by a supply chain attack through the GitHub Actions CI/CD mechanism; companies advised to self-check for related risks


On March 23, SlowMist founder Yu Xian posted on social media: "A supply chain attack on Coinbase was carried out through the GitHub Actions CI/CD mechanism. Fortunately it did not go on to succeed; otherwise the next security incident to be exposed would have been aimed at Coinbase. The supply chain attack path on GitHub: reviewdog/action-configuration -> tj-actions/changed-files -> coinbase/agentkit -> theft of GitHub personal access tokens (PATs), cloud service keys, etc." Yu Xian suggested that companies using reviewdog or tj-actions should conduct a self-check.
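As an added example that is not part of the original report, the following Python script performs the kind of self-check suggested above: it scans a workflow file for steps that use actions under reviewdog/ or tj-actions/ and flags any that are referenced by a mutable tag or branch rather than a full commit SHA. The sample workflow text and its tag and SHA values are constructed for illustration.

```python
import re

# Action namespaces named in the reported attack path.
WATCHED_PREFIXES = ("reviewdog/", "tj-actions/")
# A full 40-hex commit SHA is the only immutable way to reference an action;
# tags and branches can be moved to point at compromised code.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" step lines, with or without a list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"@]+)@([^\s'\"#]+)")


def audit_workflow(text):
    """Return (line_no, action, ref, pinned_to_sha) for every watched action
    referenced in the given workflow file text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        action, ref = match.group(1), match.group(2)
        if action.startswith(WATCHED_PREFIXES):
            findings.append((line_no, action, ref, bool(SHA_RE.match(ref))))
    return findings


def needs_review(text):
    """True if any watched action is referenced by a mutable tag or branch."""
    return any(not pinned for _, _, _, pinned in audit_workflow(text))


# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-configuration@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for line_no, action, ref, pinned in audit_workflow(SAMPLE_WORKFLOW):
        status = "pinned to commit SHA" if pinned else "MUTABLE ref, review"
        print(f"line {line_no}: {action}@{ref}: {status}")
```

Run it over each file under .github/workflows/ in a repository; a pinned SHA still deserves a check that it is the commit you reviewed, since the report describes the stolen credentials, not the tags, as the target.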