ChainCatcher reports that SlowMist Cosine posted on X platform, stating that a supply chain attack on Coinbase was attempted using GitHub Actions CI/CD mechanism, fortunately without success. If it had been successful, the next exposed security incident would have been targeting Coinbase. The supply chain attack path on GitHub was: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Token (PAT), cloud service-related keys, etc. Cosine suggests that enterprises using reviewdog or tj-actions should conduct a self-check.
SlowMist Cosine: Coinbase was attacked by the GitHub Actions CI/CD mechanism supply chain, and companies are advised to self-check related risks
This article is machine translated
Show original
Source
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.
Like
Add to Favorites
Comments
Share
