Incident

Cascading GitHub action supply chain attacks: reviewdog/action-setup leads to tj-actions/changed-files compromise

Take action: Review your code and workflows for any use of reviewdog actions or tj-actions/changed-files; update them immediately or remove them entirely. If possible, pin GitHub Actions to specific commit hashes instead of version tags. This prevents attackers from compromising your workflow by updating a tag to point to malicious code. For example, use reviewdog/action-setup@a123b456c789d0e1 instead of reviewdog/action-setup@v1. In the meantime, review workflow logs for leaked credentials and, as a precaution, rotate any exposed secrets.


Learn More

A sophisticated chain of attacks reveals how threat actors compromised popular GitHub Actions to steal critical secrets from thousands of repositories. According to a recent report by cybersecurity firm Wiz, the compromise of reviewdog/action-setup@v1 is now believed to be the initial entry point that ultimately led to the breach of tj-actions/changed-files last week.

The attack sequence appears to have followed these steps:

  1. Initial compromise: Attackers first targeted the reviewdog/action-setup GitHub Action, specifically its v1 tag, which was compromised between March 11, 2025, 18:42 and 20:31 UTC
  2. Payload deployment: A malicious base64-encoded payload was injected directly into the install.sh file used by the workflow
  3. Secret exfiltration: This code dumped CI runner memory containing workflow secrets to logs
  4. Stealth tactics: After achieving their objective, attackers force-pushed back to an older commit to cover their tracks
  5. Obfuscation: The dumped secrets were double base64 encoded to avoid log masking (GitHub recognises and masks secrets if printed out to logs)
  6. Credential theft: The compromised reviewdog action was used by tj-actions/eslint-changed-files, which runs with a Personal Access Token (PAT)
  7. Secondary attack: The stolen PAT was used to compromise tj-actions/changed-files
  8. Large-scale impact: This subsequently affected approximately 23,000 repositories that use tj-actions/changed-files

The primary confirmed compromise is reviewdog/action-setup@v1, but the following actions may also be impacted since they use the compromised component:

  • reviewdog/action-shellcheck
  • reviewdog/action-composite-template
  • reviewdog/action-staticcheck
  • reviewdog/action-ast-grep
  • reviewdog/action-typos

For public repositories, secrets were exposed in workflow logs, though they were obfuscated as double-encoded base64 payloads. Private repositories had secrets exposed only within their own logs. No external exfiltration to attacker-controlled servers has been observed at this time.

Wiz researchers believe this may have been a targeted attack chain aimed at a specific high-value target rather than an indiscriminate campaign, given the attackers' efforts to maintain stealth.

While the exact compromise method remains under investigation, Wiz noted that the reviewdog GitHub Organization has a large contributor base and actively adds contributors through automated invites. This significantly increases the attack surface, making it possible that either a contributor's access was compromised or malicious actors gained contributor access directly.

Organizations should take the following immediate actions:

  1. Use GitHub queries to identify any repositories referencing the affected GitHub Actions
  2. Check workflow logs for evidence of compromise (look for "🐶 Preparing environment ..." lines and double-encoded base64 strings)
  3. Stop using impacted actions immediately and replace them with safer alternatives
  4. Remove all references to affected actions across all branches
  5. Rotate any leaked secrets as soon as possible
  6. Consider downloading workflow logs before deleting them for forensic purposes
  7. For future protection, pin GitHub Actions to specific commit hashes rather than version tags
  8. Use GitHub's allow-listing feature to block unauthorized GitHub Actions
  9. Audit past workflow runs for suspicious activity
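As an added example (not part of the original advisory, nor code from the reviewdog or tj-actions projects), the Python script below carries out steps 1 and 2 of the list above on constructed input: it audits workflow YAML for references to the affected actions (and for any action still pinned to a mutable tag rather than a full 40-character commit SHA, the protection step 7 recommends), and it scans log lines for the "Preparing environment" marker and for tokens that decode as double-encoded base64 into readable text, reporting only the variable names so that secret values are never reprinted. The workflow, log lines, commit SHA and environment dump are all constructed samples, and the function names are my own.

```python
import base64
import binascii
import re

# Actions named in the advisory as compromised or potentially impacted.
AFFECTED_ACTIONS = {
    "reviewdog/action-setup",
    "reviewdog/action-shellcheck",
    "reviewdog/action-composite-template",
    "reviewdog/action-staticcheck",
    "reviewdog/action-ast-grep",
    "reviewdog/action-typos",
    "tj-actions/changed-files",
    "tj-actions/eslint-changed-files",
}

# `uses: owner/repo[/subpath]@ref` lines in a workflow file.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[\w./-]*)?@(\S+)", re.MULTILINE)
# A full commit SHA is 40 hex characters; anything else (v1, main, ...) is a mutable ref.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Candidate base64 blobs: long runs of the base64 alphabet plus optional padding.
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# The advisory's marker line begins with a dog emoji; match on the stable text part.
MARKER = "Preparing environment"


def audit_workflow(text):
    """Return (action, ref, status) for every affected or tag-pinned action reference."""
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        if action in AFFECTED_ACTIONS:
            findings.append((action, ref, "affected"))
        elif not SHA_RE.match(ref):
            findings.append((action, ref, "unpinned"))
    return findings


def decode_double_base64(token):
    """Decode a token twice; return the inner text, or None if it is not a double-base64 blob."""
    try:
        inner = base64.b64decode(token, validate=True)
        inner = b"".join(inner.split())  # tolerate line wrapping added by `base64`
        plain = base64.b64decode(inner, validate=True)
        text = plain.decode("utf-8")
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    if not text or not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return None
    return text


def redact(text):
    """Keep the KEY names of a KEY=VALUE dump and hide every value."""
    names = []
    for line in text.splitlines():
        key, sep, _ = line.partition("=")
        names.append(key + "=<redacted>" if sep else "<non-kv line>")
    return "; ".join(names)


def scan_log(lines):
    """Report marker lines and double-base64 blobs (values redacted) as (line_no, kind, detail)."""
    hits = []
    for number, line in enumerate(lines, 1):
        if MARKER in line:
            hits.append((number, "marker", line.strip()))
        for token in B64_TOKEN_RE.findall(line):
            text = decode_double_base64(token)
            if text is not None:
                hits.append((number, "double-base64", redact(text)))
    return hits


# Constructed sample workflow; the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: lint
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@main
      - uses: actions/setup-node@v4
"""

# Constructed sample log: a fake environment dump, double base64 encoded the way the advisory describes.
FAKE_DUMP = "GITHUB_TOKEN=example-token-value-not-real\nNPM_TOKEN=example-npm-value-not-real\n"
BLOB = base64.b64encode(base64.b64encode(FAKE_DUMP.encode())).decode()
SAMPLE_LOG = [
    "Run reviewdog/action-setup@v1",
    "\U0001F436 Preparing environment ...",
    "Checking out 0123456789abcdef0123456789abcdef01234567",
    BLOB,
    "Done.",
]

if __name__ == "__main__":
    for action, ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{status:9} {action}@{ref}")
    for number, kind, detail in scan_log(SAMPLE_LOG):
        print(f"line {number}: {kind}: {detail}")
```

In practice, feed it the contents of each .github/workflows/*.yml file and the workflow logs downloaded in step 6. A decoded hit names the variables that were dumped and is the trigger for step 5 (rotate those secrets); the plain commit SHA in the sample log shows that ordinary hex strings do not decode as double base64, so they are not reported.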

Wiz has disclosed these findings to both reviewdog and GitHub. While the reviewdog compromise appears to have been remediated, there remains a risk from cached copies of the malicious action and from secrets that have already been leaked.
