Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

0
641

Megalodon cyberattack infects 5,500 GitHub repositories, report says

Security researchers say 5,500 GitHub repositories have been affected by the attack.

 By 

Timothy Beck Werth

 on 

Share on Facebook Share on Twitter Share on Flipboard

The GitHub logo appears on a smartphone screen in this illustration photo

Credit: Jaque Silva/NurPhoto/Shutterstock

A new report in Security Week warns about a cyberattack that infected 5,561 GitHub open-source repositories with malware.

Cybersecurity researchers at SafeDep detailed how the May 18 supply chain attack, dubbed Megalodon, took advantage of GitHub Actions workflows to ultimately harvest user credentials and other data. A full list of the compromised GitHub repositories is available in the SafeDep security report.

The report also details how the hackers pulled off the attack:

On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443.

A blog post at StepSecurity also documented the details of the attack.

Mashable Light Speed

"Megalodon is a textbook direct Poisoned Pipeline Execution (d-PPE) attack, a class of CI/CD attack where an adversary with write access to a repository injects malicious code directly into workflow definition files, causing the CI system to execute attacker-controlled commands on the next pipeline run," the blog post reads. (Emphasis in original.)

SafeDep researchers warned GitHub users affected by the attack to revert their repositories and audit all workflow files.

On May 20, GitHub published a blog post about unauthorized access to GitHub-owned repositories via a compromised employee device, but the company hasn't said anything about the alleged Megalodon attack.

However, on April 1, the company published a blog post detailing a new trend of cyberattacks on the open-source supply chain, which often begin by compromising GitHub Actions workflows, as in the Megalodon attack. The blog post includes tips for open-source projects on how "to secure your GitHub Actions workflows" to prevent exactly these types of attacks in the future.

headshot of timothy beck werth, a handsome journalist with great hair

Timothy Beck Werth is the Tech Editor at Mashable, where he leads coverage and assignments for the Tech and Shopping verticals. Tim has over 15 years of experience as a journalist and editor, and he has particular experience covering and testing consumer technology, smart home gadgets, and men’s grooming and style products. Previously, he was the Managing Editor and then Site Director of SPY.com, a men's product review and lifestyle website. As a writer for GQ, he covered everything from bull-riding competitions to the best Legos for adults, and he’s also contributed to publications such as The Daily Beast, Gear Patrol, and The Awl.

Tim studied print journalism at the University of Southern California. He currently splits his time between Brooklyn, NY and Charleston, SC. He's currently working on his second novel, a science-fiction book.

Mashable Potato

These newsletters may contain advertising, deals, or affiliate links. By clicking Subscribe, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Suche
Kategorien
Mehr lesen
Spiele
Dead by Daylight's latest Chapter finally adds the Korea map we've waited five years for, and my inner K-pop demon is obsessed
Dead by Daylight's latest Chapter finally adds the Korea map we've waited five years for, and my...
Von Test Blogger6 2026-02-24 17:00:24 0 2KB
Music
Yungblud Responds to Backlash Over Photo With Rammstein Singer
Yungblud Responds to Backlash for Taking Photo With Rammstein's Till LindemannRob Kim, Getty...
Von Test Blogger4 2026-01-28 07:00:13 0 3KB
Technology
Microsoft charges $99.99 per month for a Visual Studio license — get it for life here for $35
Microsoft charges $99.99 per month for a Visual Studio license — get it for life here for $35...
Von Test Blogger7 2026-05-29 10:00:20 0 635
Andere
Exit Interview Software Market Forecast Highlights Strong Global Growth Opportunities
The Exit Interview Software Market Segmentation is expanding steadily as...
Von Akshay Patil 2026-07-01 13:37:31 0 331
Andere
Radon Detector Market Growth Driven by Rising Health Awareness
Introduction The radon detector market is gaining traction as awareness of the health risks...
Von Akshay Patil 2026-02-26 12:33:06 0 3KB