More than 23,000 GitHub repositories had their secrets leaked following a high-severity supply chain compromise aimed at the GitHub Action tj-actions/changed-files, tracked as CVE-2025-30066, The Hacker News reports.
The action is meant to list the files changed in a repository; its code was manipulated to point at a malicious commit instead, which exposed GitHub Personal Access Tokens, Amazon Web Services access keys, private RSA keys, npm tokens, and other sensitive secrets, according to a report from StepSecurity.
In response, the maintainers have set a new password, enabled passkey authentication, applied least-privilege permissions, and revoked the affected PAT.
"Going forward, no PAT would be used for all projects in the tj-actions organization to prevent any risk of reoccurrence," the maintainers said, urging users to upgrade immediately to version 46.0.1 of the GitHub Action.
On Monday, The Register reported that Wiz followed up on a lead from researcher Adnan Khan and believes that reviewdog/action-setup, a different GitHub Action, was compromised on March 11 and could be the root cause of the stolen PAT at tj-actions.
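A compromise like the one above works because workflows reference actions by mutable tags that can be repointed at a different commit. The audit below is an added example (not code from the article, StepSecurity or the tj-actions project) that scans workflow text for third-party `uses:` steps and reports which ones are pinned to a full commit SHA and which rely on a mutable tag or branch, flagging the two actions named in the incident; the sample workflow, the watch list and the 40-hex SHA are constructed for the example.

```python
import re

# Constructed sample workflow (not from the original article) with three
# kinds of references: a mutable tag, a full commit SHA, and a branch.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567 # hypothetical SHA
      - uses: some-org/some-action@main
"""

# Actions named in the incident; the watch list itself is an assumption for the example.
WATCHED = {"tj-actions/changed-files", "reviewdog/action-setup"}
# Matches "uses: owner/repo[/path]@ref"; local (./...) and docker:// steps have no '@' and are skipped.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return a list of (action, ref, verdict) for each third-party 'uses:' step.

    verdict is 'pinned' for a full 40-hex commit SHA, 'mutable' for a tag or
    branch, and 'mutable-watched' when a mutable ref points at a watched action.
    """
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        if SHA_RE.match(ref):
            verdict = "pinned"
        elif action in WATCHED:
            verdict = "mutable-watched"
        else:
            verdict = "mutable"
        findings.append((action, ref, verdict))
    return findings


if __name__ == "__main__":
    for action, ref, verdict in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{verdict:16} {action}@{ref}")
```

Running it over every file under `.github/workflows/` gives a quick inventory of which steps would have followed a repointed tag.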
Now, here's today's MSSP update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Today's MSSP Update
1. VulnCheck Series A: Exploit intelligence company VulnCheck announced a $12 million Series A funding round led by Ten Eleven Ventures, with participation from existing investors, including Sorenson Capital and In-Q-Tel. The latest investment brings its total funding raised to nearly $20 million. VulnCheck will use the funds to fuel international expansion, add feature enhancements for its exploit intelligence platform and scale go-to-market initiatives.
2. Armis's new channel exec: Cybersecurity exposure management firm Armis has appointed Patrick McCue to the role of senior vice president of global partners. In this role, McCue will expand partner engagement and increase partner-driven revenue and services, the company said. Congratulations!
3. Druva integrates with MSFT Sentinel: Druva announced a new integration with Microsoft Sentinel, Microsoft's cloud-native SIEM, to provide SecOps teams with a unified view of data insights across security and backup environments. This integration feeds backup telemetry, system behaviors, data anomalies, and threat detections directly into security operations for centralized security monitoring and real-time threat detection. The new integration is available now in Microsoft's Azure Marketplace.
4. Citrix, Google partner on enterprise browser security: Citrix and Google announced an expanded partnership to integrate Google’s Chrome Enterprise Premium browser into the Citrix platform. This new integration gives Citrix customers a simplified solution for secure enterprise browsing. With the Chrome Enterprise integration, Citrix customers can access private and SaaS web apps through the Citrix Platform. Additionally, Citrix and Google are working on a joint roadmap to bring Citrix Secure Private Access to Google Chrome Enterprise, which will be available directly in the Citrix platform.
5. Keyfactor, Utimaco expand partnership: Identity security firm Keyfactor and cybersecurity solutions provider Utimaco announced today they are expanding their partnership to enhance security and scalability for public key infrastructure (PKI) deployments. As part of the expanded partnership, Keyfactor’s next-generation EJBCA Hardware Appliance integrates with Utimaco’s General Purpose Hardware Security Module (HSM) so joint customers can securely issue and manage digital certificates at scale.