SlowMist's Cosine: Coinbase was targeted by a supply-chain attack through the GitHub Actions CI/CD mechanism

PANews reported on March 23 that SlowMist's Yuxian tweeted that the GitHub Actions CI/CD mechanism had been used to attack Coinbase through the supply chain. Fortunately, the attack did not go on to succeed; otherwise Coinbase would have been the next security incident to be exposed. The supply-chain attack path on GitHub:

reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> steal GitHub Personal Access Token (PAT), cloud service related keys, etc.

In this regard, Cosine recommends that if companies use reviewdog or tj-actions, they should conduct self-inspections.

Author: PA一线
