SupplyChain

CVE-2025-30066: Supply Chain Attack on GitHub Action tj-actions/changed-files

Executive Summary CVE-2025-30066 describes a supply chain attack targeting the widely used GitHub Action tj-actions/changed-files. This attack involved a malicious actor compromising the action and injecting code that leaked secrets from affected public repositories into workflow logs. The vulnerability allowed unauthorized access to sensitive information, potentially leading to credential

Backdoor

CVE-2024-3094: A Deep Dive into the XZ Utils Backdoor Vulnerability

Executive Summary CVE-2024-3094 is a critical supply chain vulnerability discovered in the XZ Utils compression library, specifically affecting versions 5.6.0 and 5.6.1. This vulnerability involves a malicious backdoor embedded in the upstream tarballs of the xz package. The backdoor was obfuscated within the build process of