Here’s a concise summary of the article:

A sophisticated supply chain attack has compromised numerous GitHub Actions, exposing sensitive CI/CD secrets like access keys and tokens across tens of thousands of repositories. The attack began with a breach of the “reviewdog/action-setup@v1” GitHub Action, which then spread to the “tj-actions/changed-files” utility. The Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged the vulnerability and a patch (version 46.0.1) is available to mitigate the risk.