{"uuid": "52af4ce3-5303-4496-b2c0-6e1935b8465c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30066", "type": "exploited", "source": "https://t.me/thehackernews/6538", "content": "\ud83d\udea8 Coinbase dodged a bullet\u2014but 218 repos weren\u2019t so lucky.\n\nA GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects.\n\n\ud83d\udd0d CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6\n\ud83c\udfaf Targets: DockerHub, npm, AWS creds\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Tactics: Fork PRs, dangling commits, burner GitHub accounts\n\nThis isn\u2019t just a glitch. It\u2019s a playbook for future CI/CD attacks.\n\nWhy it matters now? Thousands still trust infected actions. The exploit may be gone\u2014but the method isn\u2019t.\n\n\ud83d\udd17 Dig deeper before your next push: https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html", "creation_timestamp": "2025-03-23T06:33:21.000000Z"}