
Cos(余弦)😶🌫️|Mar 23, 2025 07:48
A supply chain attack on Coinbase was launched through the GitHub Actions CI/CD mechanism. Fortunately it did not go on to succeed; otherwise the next security incident to be exposed would have been at Coinbase.
The supply chain attack path on GitHub:
reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Tokens (PATs), cloud service keys, etc.
If your company uses reviewdog or tj-actions, conduct a thorough self-examination 👇
https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/