A cascading supply chain attack on GitHub that ... as well as GitHub Action ecosystem issues like tag mutability and poor audit logging. Projects and repositories that used the compromised actions ...