For example, in 2025, a successful attack on the GitHub Action reviewdog/action-setup was used to infect the Action tj-actions/changed-files, with an ultimate target of coinbase/agentkit. www.wiz.io/blog/new-git...
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.
