A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.