CISA warns of CVE-2025–30066, a GitHub supply chain attack exposing secrets via compromised actions logs. Update tj-actions/changed-files by April 4.