The repo looks like it uses itself in its workflows, so it's possible that the c... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ImPostingOnHN 12 months ago \| parent \| context \| favorite \| on: Tj-actions/changed-files GitHub Action Compromised... The repo looks like it uses itself in its workflows, so it's possible that the commit being merged resulted in the necessary credentials being leaked to the attacker.

rognjen 12 months ago [–]

There doesn't seem to be a PR for the commit though.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact