In March 2025, a significant supply chain attack targeted the widely-used tj-actions/changed-files GitHub Action, compromising over 23,000 repositories and exposing sensitive CI/CD secrets. The attack, tracked as CVE-2025-30066, involved injecting malicious code through a spoofed commit, which executed a script leaking credentials via workflow logs. Initial findings suggest the breach originated from a separate attack on reviewdog/actions-setup@v1, highlighting the risk of recurrence. Security teams are advised to take immediate actions such as identifying affected repositories, rotating credentials, and enforcing security practices like pinning GitHub Actions to specific commit hashes. The incident underscores the importance of proactive security measures, and tools like Harness Supply Chain Security (SCS) can help mitigate such risks by identifying vulnerabilities and enforcing minimal token permissions. Future enhancements, including integration with the Traceable eBPF agent, aim to provide improved runtime protection by detecting leaked secrets, monitoring suspicious GitHub Action calls, and identifying malicious remote code execution attempts.