
The repo looks like it uses itself in its workflows, so it's possible that the commit being merged resulted in the necessary credentials being leaked to the attacker.


There doesn't seem to be a PR for the commit though.



