The cascading supply chain attack that first targeted Coinbase before expanding to users of the "tj-actions/changed-files" GitHub Action has been traced back to the theft of a personal access token (PAT) associated with SpotBugs.
“The perpetrators gained initial entry by exploiting the GitHub Actions process of SpotBugs, a widely-used open-source utility for
