I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time
Introduction

On 2025-03-14, the GitHub Action tj-actions/changed-files was hijacked. CVE-2025-30066. The blast radius: 23,000 repositories, 15 hours. When a workflow says uses: tj-actions/changed-files@v44, that v44 is a tag. A tag is just a label pointing at a commit SHA, and on git, tags are rew
Original source: Dev.to