A cascading supply‑chain attack on GitHub, traced in April 2025, started with a leaked personal access token (PAT) from SpotBugs, a popular open‑source static‑analysis tool. The incident enabled attackers to compromise multiple widely used GitHub projects and insert malicious GitHub Actions workflows, ultimately exposing sensitive secrets in at least 218 repositories. The chain reaction demonstrates how a single exposed token can ripple across the open‑source ecosystem with severe consequences.
The attack was meticulously planned: it began as early as November 2024 and finished with active exploitation in March 2025. The exposed PAT allowed the attackers to breach dependencies, override tags, and push malicious workflows, a textbook example of supply‑chain compromise.
What Happened
The GitHub supply-chain attack traced back to SpotBugs began with a single exposed personal access token (PAT), illustrating how a small oversight can trigger a major cascade of compromise. The incident unfolded in several key stages:
- Initial token leak (Nov–Dec 2024) – A SpotBugs maintainer committed a GitHub Actions workflow that embedded their PAT as a secret. On December 6, 2024, a malicious pull request exploited the pull_request_target trigger to steal this token, giving attackers their first foothold.
- Privilege escalation & repository takeover – Using the stolen token, attackers added a throwaway user account to the SpotBugs repository. From there, they pushed a malicious workflow and exfiltrated another PAT from a downstream project maintainer, Reviewdog. This allowed them to pivot further across dependent repositories.
- Poisoning downstream actions – The second stolen token was used to target the reviewdog/action-setup repository. Attackers replaced the v1 tag with a malicious commit, contaminating a widely used GitHub Action, tj-actions/changed-files, along with its dependency tj-actions/eslint-changed-files. Any project using these actions was automatically compromised when workflows executed.
- Secrets exposed in CI logs – The poisoned actions logged environment variables and secrets from CI runners, including cloud credentials, API keys, tokens, and other sensitive data. In many cases, public or accessible logs allowed attackers to easily harvest these secrets.
- Wide reach – While the worst-case scenario suggested up to 23,000 affected repositories, investigators confirmed 218 repositories with exposed secrets. Notably, Coinbase was targeted, but its defenses successfully prevented the compromise of critical secrets.
This incident highlights the cascading risks inherent in modern open-source supply chains. A single exposed token in a key repository can quickly escalate into a broad compromise, impacting multiple downstream projects and exposing sensitive secrets.
How It Happened
- Token exposure – A SpotBugs maintainer accidentally embedded a personal access token (PAT) in a GitHub Actions workflow.
- Exploitation via pull request – Attackers used the pull_request_target trigger in December 2024 to steal the exposed PAT.
- Repo takeover – With the stolen token, attackers gained write access, added a throwaway user, and pushed a malicious workflow.
- Downstream compromise – Attackers moved laterally to the Reviewdog action repository, overwriting the v1 tag with a malicious commit.
- CI secrets exfiltration – Any project using the compromised action ran the malicious workflow, exposing environment variables, API keys, and other sensitive credentials.
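Two links in this chain, the pull_request_target trigger and the overwritten v1 tag, leave traces that can be checked for in workflow files. The following is an added example, not code from the original article or from any of the projects named: a small Python auditor that flags both patterns, run here against a constructed sample workflow. The rule names and the head-ref heuristic are assumptions of this example.

```python
import re

# "uses: owner/repo[/path]@ref"; local (./...) and docker:// references do not match.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
TRIGGER_RE = re.compile(r"\bpull_request_target\b")
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)")

# Constructed sample workflow (the SHA and the @main ref are made up for this example).
SAMPLE = """\
name: lint
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # pinned
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@main
      - uses: ./.github/actions/local
"""


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file's text."""
    code = [ln.split("#", 1)[0] for ln in text.splitlines()]  # drop YAML comments
    privileged = any(TRIGGER_RE.search(ln) for ln in code)
    findings = []
    for no, ln in enumerate(code, 1):
        if TRIGGER_RE.search(ln):
            findings.append((no, "pull_request_target", "fork PRs run with repo secrets"))
        if privileged and PR_HEAD_RE.search(ln):
            findings.append((no, "untrusted-head", "PR head code in a privileged run"))
        m = USES_RE.match(ln)
        if m and not FULL_SHA_RE.fullmatch(m.group(2)):
            findings.append((no, "mutable-ref", f"{m.group(1)}@{m.group(2)}"))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(*finding, sep="\t")
```

The check is line-based and uses only the standard library, so it can run in a pre-merge job over every file under .github/workflows without installing a YAML parser.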
Possible Impact & Risk
- Credential exposure across many projects – Secrets ranging from cloud keys to API tokens were potentially leaked from CI/CD pipelines.
- Supply‑chain contamination – A single compromised action polluted many downstream projects, undermining trust in open-source dependencies.
- Massive blast radius – Organizations relying on affected actions, even indirectly, became exposed.
- Erosion of trust in open‑source tooling – The attack underscores serious weaknesses in trust assumptions for CI workflows and dependency tagging.
- Compliance & security fallout – Companies unknowingly using tainted actions could face compliance violations, data leakage, or regulatory scrutiny.
Recommendations
- Rotate all secrets immediately – If your repo used the compromised actions, rotate credentials, tokens, API keys, and any environment secrets.
- Audit GitHub Actions logs (Mar 10–14, 2025) – Look for logs containing base64 blobs or suspicious secret dumping that may indicate exposure.
- Pin dependencies to commit hashes, not mutable tags – Avoid using floating version tags like v1 for actions; use an explicit commit SHA for reproducibility and security.
- Avoid or limit pull_request_target workflows – Because they can expose secrets to forks, treat them as high-risk and restrict usage.
- Improve CI/workflow hygiene – Enforce secret-scanning, limit permissions, and use short-lived credentials or CI vaults.
- Audit third‑party GH Actions – Evaluate actions for suspicious update history, tag changes, or unusual commits; treat them like external dependencies.
- Segment build environments – Run CI jobs with minimal permissions, avoid injecting secrets unless strictly needed, and isolate build contexts from production.
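For the log audit recommended above, the following is an added example, not code from the original article: it scans CI log text for long base64 runs that decode to printable text. Decoding up to two layers is an assumption of this example (the article only says "base64 blobs"), and the log lines and secret are constructed.

```python
import base64
import binascii
import re

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
MAX_LAYERS = 2  # assumption of this example: a dump may be encoded more than once

# Constructed sample: a fake secret, base64-encoded twice, inside made-up log lines.
FAKE_SECRET = 'DEMO_API_KEY="constructed-not-a-real-key-000"'
_blob = base64.b64encode(base64.b64encode(FAKE_SECRET.encode())).decode()
SAMPLE_LOG = "\n".join([
    "2025-03-14T10:00:01Z ##[group]Run example/step",
    f"2025-03-14T10:00:02Z {_blob}",
    "2025-03-14T10:00:03Z commit 0123456789abcdef0123456789abcdef01234567",
    "2025-03-14T10:00:04Z ##[endgroup]",
])


def _decode_text(blob):
    """Return the decoded printable-ASCII text, or None if blob is not base64 text."""
    try:
        text = base64.b64decode(blob, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    ok = text and all(c.isprintable() or c in "\r\n\t" for c in text)
    return text if ok else None


def find_encoded_dumps(log_text):
    """Return (line_no, layers, decoded_text) for base64 runs that decode to text."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        for m in B64_RUN.finditer(line):
            text, layers = m.group(0), 0
            while layers < MAX_LAYERS:
                decoded = _decode_text(text.strip())
                if decoded is None:
                    break
                text, layers = decoded, layers + 1
            if layers:
                hits.append((no, layers, text))
    return hits


if __name__ == "__main__":
    for no, layers, text in find_encoded_dumps(SAMPLE_LOG):
        print(f"line {no}: {layers} layer(s) -> {text[:12]}...")
```

Commit hashes and other hex strings pass the character filter but do not decode to printable text, so they are not reported; any credential that does appear in a hit should be treated as exposed and rotated.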
How NHI Mgmt Group Can Help
Incidents like this underscore a critical truth: Non-Human Identities (NHIs) are now at the center of modern cyber risk. OAuth tokens, AWS credentials, service accounts, and AI-driven integrations act as trusted entities inside your environment, yet they’re often the weakest link when it comes to visibility and control.
At NHI Mgmt Group, we specialize in helping organizations understand, secure, and govern their non-human identities across cloud, SaaS, and hybrid environments. Our advisory services are grounded in a risk-based methodology that drives measurable improvements in security, operational alignment, and long-term program sustainability.
We also offer the NHI Foundation Level Training Course, the world’s first structured course dedicated to Non-Human Identity Security. This course gives you the knowledge to detect, prevent, and mitigate NHI risks.
If your organization uses third-party integrations, AI agents, or machine credentials, this training isn’t optional; it’s essential.
Conclusion
This breach illustrates a dire truth for modern software supply chains: trust is fragile. A single exposed token in a popular open-source project can cascade through dependencies, compromise thousands of repositories, and expose secrets across CI/CD pipelines, all without direct user action.
As DevOps, cloud, and automation practices dominate software delivery, non-human identities (tokens, service accounts, CI credentials) have become among the most powerful, and most dangerous, assets. Without rigorous governance, secret management, and supply‑chain controls, organizations remain at constant risk.