Company
Date Published
Author
Eran Medan
Word count
677
Language
English
Hacker News points
None

Summary

The popular GitHub Action `tj-actions/changed-files` was compromised: its version tags were pointed at malicious code, so every workflow that referenced the action by tag ran it, and that code wrote the job's secrets into the GitHub Actions workflow logs, where an attacker could read them. The incident highlights the growing risk of supply chain attacks in the software development ecosystem and the importance of monitoring and securing CI/CD code, not just application code. Public repositories are the most exposed, because their workflow logs are readable by anyone; private repositories are at lower risk because only people and tokens with repository access can read the logs, but any secret printed there should still be treated as exposed. To determine whether an organization was affected, customers can search for `tj-actions/changed-files` in their codebase or run a specific search query on GitHub. Arnica has taken immediate action to protect its customers by deploying custom security rules and ongoing monitoring. It recommends auditing past workflow runs (logs written while a compromised version ran may contain secrets, which should then be rotated), pinning GitHub Actions to full commit hashes rather than mutable tags, restricting which jobs can read which secrets, and using real-time security policies to detect suspicious activity. This attack is a reminder of the critical need for supply chain security and for proactive measures that stay ahead of evolving software supply chain risks.
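One way to do the codebase search and the hash-pinning check from the recommendations above, as an added example that is not code from the original post or from Arnica. It assumes workflow files live in the standard `.github/workflows` directory, works on a constructed sample workflow whose 40-hex SHA is a made-up placeholder, and takes any known-bad commit SHAs as a caller-supplied parameter instead of hard-coding indicators:

```python
"""Scan GitHub Actions workflow files for `uses:` references, flag the compromised
tj-actions/changed-files action and any action not pinned to a full commit SHA.
Added example; not code from the original post or from Arnica."""
import re
import sys
from pathlib import Path
from typing import Dict, FrozenSet, List

# Matches "uses: owner/repo[/path]@ref" with or without a leading "- " and quotes.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'@]+)@([^\s"\'#]+)', re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Actions known from the incident described above; extend as needed.
WATCHED = frozenset({"tj-actions/changed-files"})

# Constructed sample workflow for offline use. The 40-hex SHA below is a
# made-up placeholder, not a real tj-actions commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
        id: changed
      - name: pinned copy
        uses: "tj-actions/changed-files@a3b3a2a1c1c5fb4d8f2e1d0c9b8a7f6e5d4c3b2a"
      - uses: ./.github/actions/local-step
      - run: echo "${{ steps.changed.outputs.all_changed_files }}"
"""


def audit_workflow(text: str, watched: FrozenSet[str] = WATCHED) -> List[Dict]:
    """Return one record per external `uses:` reference in a workflow."""
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        if action.startswith(("./", "docker://")):
            continue  # local composite actions and Docker images are out of scope here
        repo = "/".join(action.split("/")[:2])  # owner/repo, dropping any subpath
        findings.append({
            "action": action,
            "ref": ref,
            "pinned_to_sha": bool(FULL_SHA_RE.match(ref)),
            "watched": repo in watched,
        })
    return findings


def review_needed(findings: List[Dict],
                  malicious_shas: FrozenSet[str] = frozenset()) -> List[Dict]:
    """Entries that must be acted on: a watched action on a mutable ref (a tag or
    branch the attacker could re-point), or any ref pinned to a SHA the caller
    supplies as known-bad (pass the published indicators; none are hard-coded)."""
    return [f for f in findings
            if (f["watched"] and not f["pinned_to_sha"]) or f["ref"] in malicious_shas]


def unpinned(findings: List[Dict]) -> List[Dict]:
    """All third-party actions referenced by tag or branch instead of a full SHA."""
    return [f for f in findings if not f["pinned_to_sha"]]


def scan_directory(root: str = ".github/workflows") -> List[Dict]:
    """Audit every workflow file under root, tagging each finding with its file."""
    results = []
    for path in sorted(Path(root).glob("*.y*ml")):
        for f in audit_workflow(path.read_text(encoding="utf-8")):
            results.append({"file": str(path), **f})
    return results


if __name__ == "__main__":
    source = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else [
        {"file": "<sample>", **f} for f in audit_workflow(SAMPLE_WORKFLOW)]
    for f in review_needed(source):
        print(f"ACT NOW  {f['file']}: {f['action']}@{f['ref']}")
    for f in unpinned(source):
        print(f"UNPINNED {f['file']}: {f['action']}@{f['ref']}")
```

Run it with a repository's workflow directory as the argument, or with no argument to see it on the sample. A tag-pinned `tj-actions/changed-files` is the case the post describes: a tag can be moved to a malicious commit after the fact, while a full commit SHA cannot, which is why the SHA-pinned copy is only reported if its hash is on a supplied list of known-bad commits.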