{"uuid": "d441d36f-931c-4ecc-8f0d-befe93cb197f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30066", "type": "exploited", "source": "https://t.me/claytechsolution/252", "content": "The Hacker News\nCISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog.\nThe high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote", "creation_timestamp": "2025-03-19T08:47:37.000000Z"}