> TritonInfoSec News
Home / May 23, 2026 / Story
0
#7 The Hacker News general May 22, 2026 at 11:55 UTC

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

By [email protected] (The Hacker News)

AI Summary

A campaign dubbed Megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window, injecting GitHub Actions workflows containing base64-encoded bash payloads designed to exfiltrate CI/CD secrets. The attacker used throwaway accounts with forged identities such as 'build-bot' and 'ci-bot,' representing an unprecedented automated software supply chain poisoning operation.

Read full article → https://thehackernews.com/2026/05/megalodon-github…

Relevance score: 80.0/100

# More from May 23

  1. 1
    Lawmakers Demand Answers as CISA Tries to Contain Data Leak Krebs on Security
  2. 2
    GitHub links repo breach to TanStack npm supply-chain attack BleepingComputer
  3. 3
    Microsoft warns of new Defender zero-days exploited in attacks BleepingComputer
  4. 4
    Drupal: Critical SQL injection flaw now targeted in attacks BleepingComputer
  5. 5
    Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access The Hacker News
  6. 6
    Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks The Hacker News
  7. 8
    First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups The Hacker News
  8. 9
    Trend Micro warns of Apex One zero-day exploited in the wild BleepingComputer
  9. 10
    macOS Kernel Memory Corruption Exploit Schneier on Security