GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
GitHub Action tags point to malicious commits, exposing CI/CD credentials; 15 second-action tags also compromised.
More info