3 月 23 日，慢雾创始人余弦在社交媒体上发文表示，「利用 GitHub Actions CI/CD 机制供应链攻击 Coinbase，所幸没有继续成功，否则下一个被爆的安全事件就是针对 Coinbase 了。
在 GitHub 上的供应链攻击路径：reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit ->窃取 GitHub Personal Access Token（PAT）、云服务有关密钥等。如果企业用到 reviewdog 或 tj-actions，应该进行自查。」

<div><p>3 月 23 日，慢雾创始人余弦在社交媒体上发文表示，「利用 GitHub Actions CI/CD 机制供应链攻击 Coinbase，所幸没有继续成功，否则下一个被爆的安全事件就是针对 Coinbase 了。</p><p>在 GitHub 上的供应链攻击路径：reviewdog/action-setup -&gt; tj-actions/changed-files -&gt; coinbase/agentkit -&gt;窃取 GitHub Personal Access Token（PAT）、云服务有关密钥等。如果企业用到 reviewdog 或 tj-actions，应该进行自查。」</p></div>

慢雾余弦：Coinbase曾遭GitHub Actions CI/CD机制供应链攻击 ，建议企业自查相关风险

On March 23, the founder of Slow Fog, Yu Xian, posted on social media, "A supply chain attack on Coinbase using GitHub Actions CI/CD mechanism was attempted, fortunately without success. Otherwise, the next exposed security incident would have been targeting Coinbase.

The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Token (PAT), cloud service-related keys, etc. If enterprises are using reviewdog or tj-actions, they should conduct a self-check."

<div><p>On March 23, the founder of Slow Fog, Yu Xian, posted on social media, "A supply chain attack on Coinbase using GitHub Actions CI/CD mechanism was fortunately prevented from further success, otherwise the next exposed security incident would have been targeting Coinbase.</p><p>The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Token (PAT), cloud service-related keys, etc. If an enterprise uses reviewdog or tj-actions, they should conduct a self-examination."</p></div>

SlowMist Yuxian: Coinbase was attacked by the GitHub Actions CI/CD mechanism supply chain, and companies are advised to self-check related risks

Author: Bitcoin Magazine Pro Team
Translator: BitpushNews

After breaking through $100,000 and reaching a historic high, Bitcoin has entered a continuous downward trend. This price correction naturally raised market doubts about whether Bitcoin still follows the 2017 cycle pattern. This article will analyze the correlation between the current Bitcoin price trend and historical bull market cycles through data analysis, and explore potential future development paths for BTC.

Will It Replicate the 2017 Trend?
Since the low point of the 2022 bear market cycle, Bitcoin's price trajectory and 2015...

After BTC’s violent correction in the first quarter, will it repeat the trend of 2017?

Rationally participate, do a good job of risk control and review.

Potential airdrop expectations + high returns from staking, here are 10 new projects worth paying attention to recently

Binance announced that the Particle Networks PARTI token will be in its HODLer Airdrops program. The PARTI token generation event (TGE) will take place tomorrow, March 25, followed by airdrops and lis...

SlowMist Yuxian: Coinbase was attacked by the GitHub Actions CI/CD mechanism supply chain, and companies are advised to self-check related risks

Download app to participate in rewarding events