Supply-chain attack compromises popular GitHub Action used by over 23,000 organizations
Take action: If you are using tj-actions/changed-files in your code or actions - remove it until the incident is resolved - check the repo for details. In the meantime, review workflow logs for leaked credentials and, as a precaution, rotate any exposed secrets.
A supply-chain attack targeting the widely used tj-actions/changed-files GitHub Action has exposed sensitive credentials from thousands of organizations, including large enterprises.
Security researchers have identified that attackers compromised a maintainer account to inject credential-stealing code into a component used in continuous integration/continuous deployment (CI/CD) pipelines.
The injected flaw, tracked as CVE-2025-30066 (CVSS score 8.6), was caused by unauthorized modifications to the source code of all versions of tj-actions/changed-files. The attackers gained access to a maintainer bot account (@tj-actions-bot), modified the "tags" developers use to reference specific code versions, retroactively updated multiple version tags to point to a malicious commit (0e58ed8671d6b60d0890c21b07f8835ace038e67), and injected a memory-scraping payload that extracts credentials from GitHub Actions runners.
The compromised code executed a malicious Python script that:
- Identifies the GitHub Actions Runner.Worker process
- Dumps the memory contents of the runner
- Extracts credentials stored in memory
- Writes these credentials to workflow logs, making them publicly visible
Timeline of attack
- March 14, 2025, 9:00 AM PT / 4:00 PM UTC: Initial detection of the incident by StepSecurity through anomaly detection
- March 14, 2025, 11:00 PM UTC: Confirmation that most versions of tj-actions/changed-files were compromised
- March 15, 2025, 2:00 AM UTC: Multiple public repositories discovered with leaked secrets in build logs
- March 15, 2025, 2:00 PM UTC: GitHub removed the tj-actions/changed-files Action
- March 15, 2025, 10:00 PM UTC: The repository was restored without malicious code
- March 16, 2025: Ongoing investigation and remediation
The attack has affected more than 23,000 organizations, and dozens of repositories have been confirmed to have leaked secrets in workflow logs. Exposed credentials include:
- AWS access keys
- GitHub Personal Access Tokens (PATs)
- npm tokens
- Private RSA Keys
- Other sensitive credentials
According to a tj-actions maintainer, the attack stemmed from a compromised credential used by the @tj-actions-bot account to obtain privileged access to the repository. The method of credential compromise remains unclear.
GitHub temporarily suspended user accounts and removed the compromised content. The tj-actions maintainer changed the password used by the bot and protected the account with a passkey.
GitHub reinstated the account and restored the content after confirming all malicious changes were reverted. StepSecurity released a free secure drop-in replacement (step-security/changed-files).
Organizations using tj-actions/changed-files should take immediate action:
- Stop using tj-actions/changed-files until the incident is fully resolved
- Review workflow logs for leaked credentials
- Rotate any exposed secrets immediately
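The following script is an added example for this advisory, not code from the page or from the tj-actions project. It covers the two detection steps above: it audits workflow files for references to tj-actions/changed-files (distinguishing mutable tag references, which the attacker repointed, from full-SHA pins, and flagging the malicious commit named above), and it scans workflow log text for credential shapes matching the leaked categories listed above. It assumes workflows live under .github/workflows; the credential regexes use only the public token prefixes, and all sample inputs and key values are constructed placeholders.

```python
"""Audit workflow files for tj-actions/changed-files and scan logs for leaked
credentials.  Added example for this advisory; not the page's or the project's
own code.  Assumptions: workflows live under .github/workflows, and the
credential patterns cover common public prefixes only."""
import re
from pathlib import Path

# Commit the advisory names as the target of the rewritten tags.
MALICIOUS_COMMIT = "0e58ed8671d6b60d0890c21b07f8835ace038e67"
COMPROMISED_ACTION = "tj-actions/changed-files"

# `uses: owner/repo[/path]@ref` lines; local (./x) and docker:// uses are skipped.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Credential shapes matching the leaked categories (constructed, prefix-based patterns).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "npm_token": re.compile(r"\bnpm_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |OPENSSH |EC |)PRIVATE KEY-----"),
}


def audit_workflow(text):
    """Classify every action reference in one workflow file.

    Returns a list of dicts: action, ref, whether the ref is an immutable full
    SHA, and flags explaining why the reference is risky.
    """
    findings = []
    for action, ref in USES_RE.findall(text):
        repo = "/".join(action.split("/")[:2])  # owner/repo, dropping any sub-path
        pinned = bool(FULL_SHA_RE.match(ref))
        flags = []
        if repo == COMPROMISED_ACTION:
            flags.append("uses compromised action")
            if not pinned:
                # Tags are mutable: the attacker repointed existing tags, so a
                # `@v45`-style reference silently resolved to the malicious commit.
                flags.append("mutable tag: may have resolved to malicious commit")
        if ref == MALICIOUS_COMMIT:
            flags.append("pinned directly to malicious commit")
        findings.append({"action": action, "ref": ref, "pinned_to_sha": pinned, "flags": flags})
    return findings


def audit_repo(root="."):
    """Run audit_workflow over every workflow file under .github/workflows."""
    results = {}
    for path in Path(root, ".github", "workflows").glob("*.y*ml"):
        results[str(path)] = audit_workflow(path.read_text())
    return results


def scan_log(text):
    """Find credential-shaped strings in a workflow log; token values are redacted."""
    hits = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            hits.append((kind, value if kind == "private_key" else value[:8] + "..."))
    return hits


# Constructed sample workflow: one unrelated tag, one mutable tag, one direct pin.
SAMPLE_WORKFLOW = """
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@0e58ed8671d6b60d0890c21b07f8835ace038e67
"""

# Constructed sample log lines; every key value here is a fabricated placeholder.
SAMPLE_LOG = """
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
token: ghp_0123456789abcdefghijklmnopqrstuvwxyz
//registry.npmjs.org/:_authToken=npm_abcdefghijklmnopqrstuvwxyz0123456789
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
    for kind, redacted in scan_log(SAMPLE_LOG):
        print(kind, redacted)
```

Run it from a repository root to get a per-file report from `audit_repo()`, and pipe downloaded workflow logs through `scan_log()`. The audit treats only a full 40-character commit SHA as a trustworthy pin because that is the one reference form the tag rewrite described above could not silently redirect; any hit on a mutable tag of the compromised action during the incident window should be treated as a potential exposure and the corresponding secrets rotated.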