GitHub Action hack likely led to another in cascading supply chain attack

A cascading supply chain attack on GitHub Actions likely led to the compromise of “tj-actions/changed-files,” leaking CI/CD secrets. The attack began with the compromise of “reviewdog/action-setup@v1,” which injected code to dump secrets to log files. Developers are advised to check for references to affected actions, delete workflow logs, and rotate exposed secrets to mitigate risks.