Supply Chain Incident

tj-actions changed-files GitHub Action compromise

The tj-actions/changed-files GitHub Action was compromised, exposing secrets from affected workflow runs through malicious action behavior.

ConfidenceHigh

Evidence LevelResearcher

Attack StageCi Cd Compromise

Source Artifact DivergenceNo

Affected Packages

No structured records.

Affected Releases

No structured records.

Repositories

tj-actions/changed-files

Organizations

tj-actions

Maintainers

No structured records.

Threat Actors

No structured records.

Campaigns

No structured records.

Build Systems

GitHub Actions

Distribution Channels

GitHub Actions Marketplace

Compromised Accounts

tj-actions GitHub Action release path

Connected Entities

GitHub Actions Build System
GitHub Actions Marketplace Distribution Channel
tj-actions Organization
tj-actions GitHub Action release path Compromised Account
tj-actions/changed-files Repository

References

Harden-Runner detection: tj-actions/changed-files action is compromised StepSecurity · 2025-03-15