SlowMist Cosine: Coinbase was the target of a GitHub Actions CI/CD supply chain attack, but fortunately the attack did not succeed
2025-03-23 07:59:12
Odaily News: SlowMist's Yuxian posted on X that the GitHub Actions CI/CD supply chain was used to attack Coinbase, but fortunately the attack did not go on to succeed; otherwise the next security incident would have been at Coinbase. The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> theft of GitHub Personal Access Tokens (PATs), cloud service keys, etc. Yuxian suggested that any enterprise using reviewdog or tj-actions conduct a self-examination.
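One way to start the self-examination Yuxian recommends, as an added example that is not part of the original report: a Python script that lists every `reviewdog` or `tj-actions` reference in a repository's workflow files and reports whether it is pinned to a full commit SHA or to a tag or branch, which the action's repository owner can repoint. The function names, the constructed sample workflow and the pinning check are assumptions of this example.

```python
import re
from pathlib import Path

# Owners named in the article; extend the tuple for your own watch list.
WATCHED_OWNERS = ("reviewdog", "tj-actions")

# Matches "uses: owner/repo[/subpath]@ref" (optional "- " prefix and quotes).
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?([\w.-]+)/([\w.-]+)(?:/[^@\s"']*)?@([^\s"'#]+)""",
    re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample workflow; the tags and the SHA are placeholders.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: tj-actions/changed-files@v45
  - uses: reviewdog/action-setup@v1
  - name: pinned
    uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

def find_watched_actions(workflow_text):
    """Return (line_no, action, ref, pinned) for each watched action reference."""
    findings = []
    for m in USES_RE.finditer(workflow_text):
        owner, repo, ref = m.groups()
        if owner.lower() not in WATCHED_OWNERS:
            continue
        # Count newlines up to the owner name, not the match start, because
        # the leading \s* can swallow preceding blank lines.
        line_no = workflow_text.count("\n", 0, m.start(1)) + 1
        pinned = FULL_SHA_RE.fullmatch(ref) is not None
        findings.append((line_no, f"{owner}/{repo}", ref, pinned))
    return findings

def scan_repo(root):
    """Scan .yml/.yaml files under <root>/.github/workflows; map path -> findings."""
    results = {}
    for path in sorted((Path(root) / ".github" / "workflows").glob("*.y*ml")):
        hits = find_watched_actions(path.read_text(encoding="utf-8"))
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    for path, hits in scan_repo(".").items():
        for line_no, action, ref, pinned in hits:
            print(f"{path}:{line_no}: {action}@{ref}", "pinned" if pinned else "MUTABLE ref")
```

A reference that is pinned to a SHA still needs that SHA checked against a commit you trust.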
