Agentic AI Module Added To NHI Training Course

Forums
The Non-Human & AI ...
NHI Breaches
GitHub Action Breac...
 
Notifications
Clear all

GitHub Action Breach Exposes Thousands of CI/CD Secrets

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Prominent Member
Joined: 8 months ago
Posts: 276
Topic starter 18/12/2025 9:39 am  

Executive Summary

In March 2025, a significant supply-chain attack targeted the widely-used GitHub Action, tj-actions/changed-files, impacting approximately 23,000 repositories. The attackers exploited a vulnerability by pushing a malicious commit on March 14, retroactively updating version tags to incorporate harmful code. This led to the exposure of critical CI/CD secrets, including API keys, AWS credentials, and npm/Docker tokens, which were dumped into build logs. Notably, 218 repositories confirmed the leakage of sensitive information, posing a serious risk to numerous projects and their security posture. This incident highlights the vulnerabilities associated with third-party integrations in DevOps pipelines.

👉 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

  • March 14, 2025: Attackers pushed a malicious commit to the tj-actions/changed-files repository.
  • Version tags were retroactively updated, affecting all instances of the action, regardless of user updates.
  • The attack was discovered shortly after, leading to an assessment of impacted repositories.

Data Compromised

  • Critical CI/CD secrets leaked include API keys, AWS credentials, and npm/Docker tokens.
  • At least 218 repositories confirmed the exposure of sensitive information in public logs.

Impact Assessment

  • The breach potentially jeopardized numerous projects relying on the tj-actions/changed-files action.
  • Exposed credentials could allow unauthorized access to cloud services and sensitive data.

Company Response

  • GitHub took immediate action to remove the malicious commit and notified affected users.
  • Developers were urged to rotate compromised credentials and review their CI/CD systems for vulnerabilities.

Security Implications

  • This incident underscores the risks inherent in third-party DevOps tools and supply-chain dependencies.
  • It highlights the necessity of implementing enhanced security measures, such as secret scanning and access controls.

👉 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.



   
Quote
Topic Tags
Data Breach GitHub Security CI/CD Vulnerability Supply Chain Attack API Key Exposure
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  Data Breach (78) , GitHub Security (5) , CI/CD Vulnerability (1) , Supply Chain Attack (10) , API Key Exposure (2) ,
Share:

#1 Authority in NHI Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs).

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.