The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortunate that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.
- https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
- https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/
#infosec #cybersecurity
Harry Sintonen /
npub1q2…7d56p
2025-03-15 22:57:19
Author Public Key
npub1q2dlxhrrazeq2ezqps9txhlr799ud3j07m3m58q32fcm6pfm06xqf7d56pPublished at
2025-03-15 22:57:19Event JSON
{
"id": "ae274415368056b631d401b2960ab94f2dfa92e47bd7723cb7f722d8fdee7666",
"pubkey": "029bf35c63e8b20564400c0ab35fe3f14bc6c64ff6e3ba1c115271bd053b7e8c",
"created_at": 1742079439,
"kind": 1,
"tags": [
[
"t",
"infosec"
],
[
"t",
"cybersecurity"
],
[
"proxy",
"https://infosec.exchange/users/harrysintonen/statuses/114168918146048121",
"activitypub"
]
],
"content": "The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortunate that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.\n\n- https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised\n- https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/\n\n#infosec #cybersecurity",
"sig": "01e9121c74186168380cc1135ac4ea08ba45f312308a9223c7025d6a2add311c543783890cb8c71f7942507102851b951b58b198299af6146e37e59164af0132"
}