
Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised

ID: 929e3e72-34b4-51e1-b572-ac53233fa622

STIX ID: report--929e3e72-34b4-51e1-b572-ac53233fa622

Feed Name: Aqua Security Blog

Threat Score: 88/100

Date Published: 2025-03-15

Date Updated: 2026-04-26


On 14–15 March 2025, a malicious commit to the widely used GitHub Action tj-actions/changed-files (CVE-2025-30066) injected obfuscated code that executed a Python memdump to enumerate runner process memory and leak CI/CD secrets into GitHub Actions build logs; thousands of repositories may be impacted. The report includes the malicious commit hash, payload examples and memory dumps, guidance for identifying impacted runs (double base64 decode of long outputs), and immediate mitigations: remove the action or pin it to a safe SHA, rotate exposed secrets, audit runners, and adopt CI/CD supply-chain protections.
