In this case, cybercriminals tampered with a small tool, a GitHub Action called reviewdog/action-setup@v1.

It is a popular tool that helps automate tasks in software projects.

They then used these codes to inject more malicious code into another widely used tool, called tj-actions/changed-files.

We don't know if any other attacks were more fruitful for the criminals.