Tag: malicious commits

3 articles

Arch Linux Cracks Down on Malicious Commits in User Repository

Malicious hackers have launched a massive assault on the Arch User Repository, compromising over 1,500 user-submitted packages and forcing the Arch Linux team to temporarily halt new account signups to contain the damage. The attack has been mitigated, but not before highlighting the vulnerability of community-run package repositories.

Analyst 207

GitHub Repos Targeted in 5,500+ Malicious Commits

A shocking new campaign, dubbed Megalodon, has injected malware into over 5,500 GitHub repositories, putting sensitive credentials and tokens at risk of being stolen. This alarming attack highlights the growing threat of supply chain attacks, with experts warning that this could be just the beginning.

Analyst 207

GitHub Megalodon Attack Targets Repos with Malicious CI/CD Workflows

In a shocking six-hour blitz on May 18, 2026, attackers unleashed a massive supply-chain campaign dubbed "Megalodon," pushing 5,718 malicious commits to 5,561 GitHub repositories. The sneaky assault mimicked routine CI maintenance, using fake author names and convincing commit messages to deceive victims.

Analyst 207