
NHI & AI

GitHub Actions Supply Chain Attack: 23,000 Repos Exposed

Source: BleepingComputer / CISA · Mar 2025

Attackers compromised the tj-actions/changed-files GitHub Action using a stolen PAT, putting the CI/CD secrets of the roughly 23,000 repositories that used it at risk.

Key Finding

218 repositories had secrets exposed, including AWS access keys, GitHub PATs, npm tokens, and private RSA keys. The compromise is tracked as CVE-2025-30066, which CISA added to its Known Exploited Vulnerabilities catalog.

In March 2025, attackers compromised the widely used GitHub Action tj-actions/changed-files (used by over 23,000 repositories). They pushed a malicious commit that read the CI/CD secrets held in runner memory and wrote them into workflow logs, which are publicly readable for public repositories, then repointed the Action's existing version tags at that commit, so any workflow that referenced the Action by tag pulled the payload on its next run. CISA issued an alert under CVE-2025-30066.

The attack was traced back to a compromised GitHub Personal Access Token (PAT) from the SpotBugs project. That single token cascaded into a multi-stage supply chain attack, initially targeting Coinbase's agentkit repository before expanding to all users of the compromised Action.

218 repositories had secrets directly exposed, including AWS access keys, GitHub PATs, npm tokens, and private RSA keys.

This is NHI credential cascading in action. One leaked Personal Access Token, a non-human identity, enabled compromise of a widely-trusted CI/CD component, which in turn exposed hundreds of additional non-human identities across the software supply chain.

The implications for identity architecture are significant. CI/CD pipelines are identity-rich environments filled with service accounts, API keys, and tokens that often have broad access to production systems. Most organizations treat these as DevOps concerns, not identity architecture concerns. That distinction is artificial and dangerous.

NHI governance must extend to the software development lifecycle. Token scoping, automatic rotation, secret scanning, and least-privilege CI/CD configurations are identity architecture decisions, not just DevOps best practices.
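Two of the controls listed above, SHA pinning of third-party Actions and an explicit least-privilege `permissions:` block, are the ones that would have blunted the tag-repointing step of this attack. The following checker is an added example written for this page, not code from the incident reports or from any of the projects named here. It audits GitHub Actions workflow text for `uses:` references that point at a mutable tag or branch instead of a full 40-hex commit SHA, and for the absence of a workflow-level `permissions:` block. Both workflow strings are constructed samples; the commit SHAs in the hardened one are placeholders, not real commits. It parses the YAML line by line on purpose so it runs with the standard library only.

```python
import re

# Constructed sample workflow (not from any real repository). It shows the
# patterns the checker flags: two mutable tag refs, a branch ref, and no
# workflow-level permissions block. The SHA on the setup-node line is a
# placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: some-org/some-action@main
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

# Constructed hardened version of the same workflow: every third-party Action
# is pinned to a (placeholder) commit SHA and GITHUB_TOKEN is limited to
# read-only access to repository contents.
HARDENED_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA, v4
      - uses: tj-actions/changed-files@89abcdef0123456789abcdef0123456789abcdef # placeholder SHA
      - uses: ./.github/actions/local-step
"""

# Matches "uses: <value>" on a step line and captures the value up to the
# first whitespace, quote, or inline comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# A full commit SHA is exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses):
    """Return how a `uses:` value is pinned.

    'local'    : ./path Actions in the same repo, pinned by the calling commit
    'docker'   : docker:// images (pin by digest; not checked here)
    'sha'      : full 40-hex commit SHA, unaffected by tag repointing
    'mutable'  : tag or branch name that the Action owner, or anyone holding
                 the owner's credentials, can move to an arbitrary commit
    'unpinned' : no @ref at all
    """
    if uses.startswith("./"):
        return "local"
    if uses.startswith("docker://"):
        return "docker"
    if "@" not in uses:
        return "unpinned"
    ref = uses.rsplit("@", 1)[1]
    return "sha" if SHA_RE.match(ref) else "mutable"


def has_top_level_permissions(workflow_text):
    """True if a workflow-level `permissions:` key is declared at column 0,
    which overrides the repository's default GITHUB_TOKEN grant."""
    return any(line.startswith("permissions:") for line in workflow_text.splitlines())


def audit_workflow(workflow_text):
    """Return a list of human-readable findings; an empty list means pass."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        uses = match.group(1)
        kind = classify_ref(uses)
        if kind in ("mutable", "unpinned"):
            findings.append(f"line {lineno}: {uses} is not pinned to a commit SHA ({kind} ref)")
    if not has_top_level_permissions(workflow_text):
        findings.append("no workflow-level permissions: block; GITHUB_TOKEN gets the repository default")
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print("SAMPLE   :", finding)
    print("HARDENED :", audit_workflow(HARDENED_WORKFLOW) or "no findings")
```

Run against the sample, the checker reports the three mutable references and the missing `permissions:` block; the hardened workflow produces no findings. Two caveats worth keeping in mind: a SHA pin only guarantees you get the commit you reviewed, so it must be paired with actually reviewing that commit and with a process for updating pins, and it does not cover what a pinned Action itself pulls in at run time. The cascade described on this page passed through such a transitive dependency before it reached tj-actions/changed-files.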
