Skip to main content

Tag: megalodon

2 articles

Laptop screen showing GitHub repository page with cityscape background and subtle CI/CD hints.

GitHub Repos Targeted in 5,500+ Malicious Commits

A shocking new campaign, dubbed Megalodon, has injected malware into over 5,500 GitHub repositories, putting sensitive credentials and tokens at risk of being stolen. This alarming attack highlights the growing threat of supply chain attacks, with experts warning that this could be just the beginning.

Analyst 207
Dimly lit workspace with scattered screens and keyboards, featuring empty and blurred computer terminals.

GitHub Megalodon Attack Targets Repos with Malicious CI/CD Workflows

In a shocking six-hour blitz on May 18, 2026, attackers unleashed a massive supply-chain campaign dubbed "Megalodon," pushing 5,718 malicious commits to 5,561 GitHub repositories. The sneaky assault mimicked routine CI maintenance, using fake author names and convincing commit messages to deceive victims.

Analyst 207