
Netizen: Monday Security Brief (3/24/2025)

Today’s Topics:

  • Coinbase Targeted in GitHub Actions Supply Chain Attack, 218 Repositories Exposed
  • FBI Issues Warning on Malicious Online File Converters
  • How can Netizen help?

Coinbase Targeted in GitHub Actions Supply Chain Attack, 218 Repositories Exposed

A supply chain attack that compromised the widely used GitHub Action “tj-actions/changed-files” was initially directed at one of Coinbase’s open-source projects before rapidly expanding to affect a much broader set of repositories. Security researchers at Palo Alto Networks Unit 42 reported that the attackers first targeted the public CI/CD workflow of Coinbase’s agentkit project, likely as a stepping stone to further compromise. The attackers were not able to obtain Coinbase’s secrets or publish malicious packages under its name.

The attack was discovered on March 14, 2025, when researchers found that the action’s release tags had been retroactively repointed to a malicious commit. That commit dumped the memory of the CI runner process and printed any secrets it found into the build log; for public repositories, those logs are readable by anyone. The compromise was assigned CVE-2025-30066, with a CVSS score of 8.6 (high severity).

According to security firm Endor Labs, approximately 218 GitHub repositories inadvertently leaked sensitive information due to this compromise. The stolen credentials include DockerHub, npm, and other package management tokens, potentially exposing organizations to further supply chain attacks.

While Coinbase itself avoided direct exposure of its sensitive assets, the breach demonstrates how open-source repositories and CI/CD pipelines remain attractive attack surfaces for threat actors.

Organizations relying on GitHub Actions should immediately audit their workflows for any use of tj-actions/changed-files, rotate every credential that was available to affected jobs, pin third-party actions to full commit SHAs rather than mutable tags or branches (a repointed tag is exactly how this attack spread), and restrict the permissions granted to workflow tokens.
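The first of those steps, the workflow audit, is easy to automate. The following is an added example written for this brief, not code from Netizen, GitHub or the tj-actions project: it scans workflow files for `uses:` references and flags any reference to the compromised action, plus any action that is pinned to a mutable tag or branch instead of a 40-character commit SHA. The workflow text and the setup-node SHA below are constructed sample input, not taken from a real repository.

```python
import re
from pathlib import Path

# Constructed sample workflow (not a real repository's file). It mixes a
# mutable tag, a branch ref and a full-SHA pin so the scanner has each case.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
        id: changed
      - uses: some-org/lint-action@main
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832c0c2  # example SHA pin
      - run: echo "${{ steps.changed.outputs.all_changed_files }}"
"""

# Matches "uses: owner/repo[/path]@ref"; local (./) and docker:// actions have no @ref.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.\-/]+)@(\S+)", re.MULTILINE)
# Only a full 40-hex-digit commit SHA is immutable; short SHAs, tags and branches can move.
SHA_RE = re.compile(r"[0-9a-f]{40}")
# Action named in the March 2025 advisory (CVE-2025-30066).
KNOWN_COMPROMISED = {"tj-actions/changed-files"}


def find_action_refs(workflow_text):
    """Return (action, ref) pairs for every third-party action the workflow uses."""
    return [(m.group(1), m.group(2)) for m in USES_RE.finditer(workflow_text)]


def is_sha_pinned(ref):
    """True only for a full lowercase 40-hex commit SHA."""
    return SHA_RE.fullmatch(ref) is not None


def audit_workflow(workflow_text):
    """Return (finding, action, ref) tuples; an empty list means nothing to fix."""
    findings = []
    for action, ref in find_action_refs(workflow_text):
        if action in KNOWN_COMPROMISED:
            findings.append(("compromised-action", action, ref))
        if not is_sha_pinned(ref):
            findings.append(("mutable-ref", action, ref))
    return findings


def audit_repo(repo_root):
    """Audit every workflow file under .github/workflows of a checked-out repo."""
    results = {}
    for path in Path(repo_root).glob(".github/workflows/*.y*ml"):
        results[str(path)] = audit_workflow(path.read_text(encoding="utf-8"))
    return results


if __name__ == "__main__":
    for kind, action, ref in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{kind:20s} {action}@{ref}")
```

Run it against a checkout with `audit_repo(".")`. A full-SHA pin stops a repointed tag from pulling in new code, but it does not vouch for the commit itself: any SHA of the compromised action that was in use during the incident window still needs to be checked against the advisory, and the secrets available to those jobs rotated regardless of the outcome.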


FBI Issues Warning on Malicious Online File Converters

The FBI Denver Field Office has issued a warning about a growing cyber threat involving fake online document converters. Cybercriminals are exploiting these tools to steal personal information and, in some cases, deploy ransomware on victims’ devices.

The warning follows an increase in reports of malware infections linked to fraudulent file conversion services. These seemingly legitimate websites offer free document conversion, file merging, and download tools, but instead, they serve as a front for malicious activity.

According to the FBI, cybercriminals operate fraudulent file converter websites that claim to convert files between formats, such as .doc to .pdf, or to merge multiple files into a single document. When users upload files, these sites either return a “converted” document that carries malware or prompt the victim to install malicious software disguised as a converter tool.

The malware can be used for a range of attacks, including data theft, keylogging, spyware deployment, and ransomware infections. The FBI urges victims of these scams to report any suspicious file converter services and to remain cautious when downloading files from unverified sources.

How to Protect Yourself

  • Avoid using free, unverified file converters found through search engines.
  • Download software only from trusted sources such as official vendor websites.
  • Use antivirus software and endpoint protection to detect and block malware.
  • Regularly update your operating system and security patches to reduce vulnerabilities.

The FBI’s warning underscores the importance of cyber hygiene in preventing malware infections. Users should remain skeptical of too-good-to-be-true free online tools and always verify the legitimacy of the websites they use.
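One concrete check for anyone who has already used such a site: confirm that the file that came back is actually the type its name claims. The following is an added example written for this brief, not code from the FBI or Netizen. It reads the leading bytes of a downloaded file, identifies the real container format from its magic number, and flags a “converted document” that is in fact a Windows or Linux executable, or whose contents do not match its extension. The sample files are constructed byte strings, not real downloads.

```python
# Magic numbers for the formats a document converter would plausibly return,
# plus the executable formats a malicious one might return instead.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "ooxml-or-zip"),          # .docx/.xlsx/.pptx are ZIP containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy .doc/.xls/.ppt
    (b"{\\rtf", "rtf"),
    (b"MZ", "pe"),                             # Windows executable / DLL / screensaver
    (b"\x7fELF", "elf"),                       # Linux executable or shared object
]

# Which extensions are legitimate for each sniffed container type.
KIND_TO_EXTS = {
    "pdf": {"pdf"},
    "ooxml-or-zip": {"docx", "xlsx", "pptx", "zip"},
    "ole": {"doc", "xls", "ppt"},
    "rtf": {"rtf"},
}


def sniff_type(data):
    """Identify the container format from the file's first bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def extension_of(filename):
    """Final extension, lowercased; 'invoice.pdf.exe' is an .exe, not a .pdf."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def check_download(filename, data):
    """Return 'executable', 'mismatch', 'unknown' or 'ok' for a downloaded file."""
    kind = sniff_type(data)
    if kind in ("pe", "elf"):
        return "executable"     # a converted document must never be a program
    if kind == "unknown":
        return "unknown"        # not necessarily bad, but not verified either
    return "ok" if extension_of(filename) in KIND_TO_EXTS[kind] else "mismatch"


def check_file(path):
    """Run check_download on a file on disk, reading only its first bytes."""
    with open(path, "rb") as fh:
        return check_download(path, fh.read(16))


# Constructed samples: a genuine PDF, a PE renamed to .pdf, a ZIP renamed to
# .pdf, a fake converter installer, and a genuine .docx.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "converted.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
    "merged.pdf": b"PK\x03\x04\x14\x00\x06\x00\x08\x00\x00\x00!\x00",
    "converter-setup.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
    "notes.docx": b"PK\x03\x04\x14\x00\x06\x00\x08\x00\x00\x00!\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:22s} {sniff_type(data):13s} {check_download(name, data)}")
```

A result of `ok` only means the container matches the name; a genuine PDF or Office file can still carry a malicious script or macro, so this is a cheap first filter before the antivirus and endpoint controls listed above, not a substitute for them.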


How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on, providing advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service,” through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © Netizen Corporation. All Rights Reserved.