BTC $62,430.01 -1.95%
ETH $1,782.19 -1.92%
BNB $568.57 -1.41%
XRP $1.06 -1.98%
SOL $75.17 -2.15%
TRX $0.3241 -2.23%
DOGE $0.0719 -1.56%
ADA $0.1577 -2.47%
BCH $235.80 -2.75%
LINK $7.92 -1.71%
HYPE $63.23 -5.86%
AAVE $95.90 -0.84%
SUI $0.7251 -1.48%
XLM $0.1800 -3.26%
ZEC $500.79 -5.89%
BTC $62,430.01 -1.95%
ETH $1,782.19 -1.92%
BNB $568.57 -1.41%
XRP $1.06 -1.98%
SOL $75.17 -2.15%
TRX $0.3241 -2.23%
DOGE $0.0719 -1.56%
ADA $0.1577 -2.47%
BCH $235.80 -2.75%
LINK $7.92 -1.71%
HYPE $63.23 -5.86%
AAVE $95.90 -0.84%
SUI $0.7251 -1.48%
XLM $0.1800 -3.26%
ZEC $500.79 -5.89%

慢雾余弦:Coinbase 曾遭 GitHub Actions CI/CD 机制供应链攻击,建议企业自查相关风险

2025-03-23 16:07:55
收藏

ChainCatcher 消息,慢雾余弦在 X 平台发文称,利用 GitHub Actions CI/CD 机制供应链攻击 Coinbase,所幸没有继续成功,否则下一个被爆的安全事件就是针对 Coinbase 了。在 GitHub 上的供应链攻击路径:reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit ->窃取 GitHub Personal Access Token(PAT)、云服务有关密钥等。余弦建议,如果企业用到 reviewdog 或 tj-actions,应该进行自查。

app_icon
ChainCatcher 与创新者共建Web3世界