this post was submitted on 15 Mar 2025
4 points (100.0% liked)

Cybersecurity


The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortuitous that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.

#infosec #cybersecurity

top 2 comments
jerry@infosec.exchange 2 points 1 week ago (1 children)

@harrysintonen@infosec.exchange the second and third order impacts of this could get interesting

harrysintonen@infosec.exchange 2 points 1 week ago* (last edited 1 week ago)

@jerry It largely depends on how well the initial impact is cleaned up. I'm hoping we won't see a ton of backdoors in various components next.