> TritonInfoSec News
Home / May 26, 2026 / Story
0
#3 SecurityWeek general May 25, 2026 at 07:40 UTC

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

By Ionut Arghire

AI Summary

A supply chain attack dubbed 'Megalodon' has infected over 5,500 GitHub repositories by injecting fake automated commits that introduce malicious GitHub Actions workflows designed to steal credentials, CI secrets, API keys, and tokens. The scale of this campaign makes it one of the largest GitHub-targeted supply chain attacks observed, posing serious risk to any organization whose repos were compromised. Developers should audit recent Actions workflow changes in their repositories.

Read full article → https://www.securityweek.com/over-5500-github-repo…

Relevance score: 85.0/100

# More from May 26

  1. 1
    Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Krebs on Security
  2. 2
    Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks The Hacker News
  3. 4
    TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO The Hacker News
  4. 5
    Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms The Hacker News
  5. 6
    FBI warns of Kali365 phishing service targeting Microsoft 365 accounts BleepingComputer
  6. 7
    Laravel-Lang Packages Poisoned for Malware Delivery SecurityWeek
  7. 8
    Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects SecurityWeek
  8. 9
    DocketWise Data Breach Impacts 143,000 SecurityWeek
  9. 10
    266,000 Affected by Data Breach at Radiology Associates of Richmond SecurityWeek