
SlowMist Cosine: Coinbase Becomes Target of GitHub Actions CI/CD Mechanism Supply Chain Attack, Fortunately Failed

2025-03-23 07:59

Odaily Planet Daily News: SlowMist's Cosine posted on the X platform that a supply chain attack abusing the GitHub Actions CI/CD mechanism targeted Coinbase. Fortunately, it did not go on to succeed; otherwise the next security incident to be exposed would have involved Coinbase. The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> theft of GitHub Personal Access Tokens (PATs), cloud service related keys, etc. Cosine suggests that any company using reviewdog or tj-actions should conduct a self-inspection.
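One way to start the self-inspection Cosine recommends, as an added example that is not from Cosine's post or this article: list every workflow step that uses a reviewdog or tj-actions action and note whether its ref is a full commit SHA or a movable tag or branch. The sample workflow, its version tags and the 40-character SHA are constructed, and the SHA-versus-tag check is an assumption about what a reviewer would want to see, not something the article states.

```python
import re

# Action owners named in the article's attack path.
WATCHED_OWNERS = {"reviewdog", "tj-actions"}

# Matches `uses: owner/repo[/path]@ref` in a workflow step, optionally quoted.
# Commented-out steps do not match because `#` precedes `uses:`.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?([\w.-]+)/([\w.-]+)(?:/[^@\s'"]*)?@([^\s'"#]+)""",
    re.MULTILINE,
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - name: setup reviewdog
        uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
      # - uses: reviewdog/action-setup@v1
"""

def find_watched_actions(workflow_text, source="<workflow>"):
    """Return one finding per step that uses an action from a watched owner."""
    findings = []
    for m in USES_RE.finditer(workflow_text):
        owner, repo, ref = m.group(1), m.group(2), m.group(3)
        if owner.lower() not in WATCHED_OWNERS:
            continue
        findings.append({
            "source": source,
            "line": workflow_text.count("\n", 0, m.start(1)) + 1,
            "action": f"{owner}/{repo}",
            "ref": ref,
            # A tag or branch can be repointed; a full commit SHA cannot.
            "pinned_to_sha": bool(FULL_SHA_RE.match(ref)),
        })
    return findings

if __name__ == "__main__":
    for f in find_watched_actions(SAMPLE_WORKFLOW, "sample.yml"):
        kind = "commit SHA" if f["pinned_to_sha"] else "mutable ref"
        print(f'{f["source"]}:{f["line"]} {f["action"]}@{f["ref"]} ({kind})')
```

To inspect a real repository, read each file under `.github/workflows/` and pass its text to `find_watched_actions`.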
