Skip to main content

Tag: automated supply chain campaign

1 article

Dimly lit workspace with scattered screens and keyboards, featuring empty and blurred computer terminals.

GitHub Megalodon Attack Targets Repos with Malicious CI/CD Workflows

In a shocking six-hour blitz on May 18, 2026, attackers unleashed a massive supply-chain campaign dubbed "Megalodon," pushing 5,718 malicious commits to 5,561 GitHub repositories. The sneaky assault mimicked routine CI maintenance, using fake author names and convincing commit messages to deceive victims.

Analyst 207