A sophisticated automated campaign dubbed Megalodon executed one of the largest GitHub supply chain attacks on record, pushing 5,718 malicious commits to 5,561 repositories in just six hours on May 18, 2026. Discovered by SafeDep’s Malysis threat detection engine, the operation weaponized GitHub Actions workflows to silently harvest CI secrets, cloud credentials, and source code from thousands […]
The post Megalodon Malware Compromised 5,500+ GitHub Repositories. appeared first on Cyber Security News.