Megalodon Attack Injects Malicious Code Into 5,500 GitHub Repos

A coordinated cyber attack called Megalodon compromised over 5,500 public GitHub repositories by injecting malicious commits into GitHub Actions workflows. Researchers at SafeDep detected the campaign on May 18; using stolen credentials, the attackers pushed 5,718 harmful commits within six hours. The commits modified workflow files to include base64-encoded scripts designed to steal sensitive data such as cloud credentials, SSH keys, and OIDC tokens during code execution. Major targets included repositories from the Wiznet, Tiledesk, and persian-tools projects. Security researchers recommend monitoring for unexpected workflow runs and reviewing cloud audit logs for suspicious token requests. The operation bore similarities to previous TeamPCP attacks, using backdated commits to conceal the timing of the malicious activity. Source: SafeDep and OX Security Research.
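The summary describes workflow files modified to carry base64-encoded scripts. As an added example (not code from SafeDep, OX Security or the original report), this Python scanner flags two generic signs of that technique in the contents of a workflow file: base64 output handed to a shell, and a long embedded blob that decodes to readable text. The regex patterns, the 60-character threshold and both sample workflows are assumptions constructed for illustration, not indicators published for this campaign.

```python
import base64
import binascii
import re

# Generic heuristics chosen for this example; not indicators published for the campaign.
DECODE_EXEC = re.compile(r"base64\s+(-d|-D|--decode)\b.*\|\s*(sudo\s+)?(ba|z|da)?sh\b")
EVAL_DECODE = re.compile(r"\beval\b.*base64\s+(-d|-D|--decode)\b")
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{60,}={0,2}")  # 60+ chars: a 40-char pinned SHA is not matched


def decodes_to_text(token: str) -> bool:
    """True if token is valid base64 whose payload is mostly printable ASCII."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False  # not base64 (for example a long file path): ignore
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return len(raw) > 0 and printable / len(raw) > 0.9


def scan_workflow(text: str) -> list[tuple[int, str]]:
    """Return (line_number, reason) findings for the contents of one workflow file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if DECODE_EXEC.search(line) or EVAL_DECODE.search(line):
            findings.append((n, "base64 output executed by a shell"))
        if any(decodes_to_text(m.group()) for m in B64_BLOB.finditer(line)):
            findings.append((n, "embedded base64 blob decodes to text"))
    return findings


# Constructed samples: the encoded payload is a harmless echo command.
PAYLOAD = base64.b64encode(b'echo "constructed harmless sample payload for the scanner test"').decode()
HEADER = "name: ci\non: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n"
SAMPLE_INFECTED = HEADER + f'      - run: echo "{PAYLOAD}" | base64 -d | bash\n'
SAMPLE_CLEAN = (HEADER + "      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567\n"
                "      - run: make test\n")

if __name__ == "__main__":
    for name, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_workflow(sample))
```

Run it over every file under `.github/workflows/` and treat a finding as a prompt to review the commit that introduced the line, since legitimate workflows occasionally embed encoded data.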
Original reporting by RSS: CSO Online. We only summarise, never republish.