Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

thehackernews.com·May 22, 2026

Cybersecurity researchers have revealed a new automated campaign named Megalodon that injected 5,718 malicious commits into 5,561 GitHub repositories in just six hours, using fake accounts and forged identities to embed harmful GitHub Actions workflows that exfiltrate continuous integration data.

The Megalodon campaign highlights the critical need for robust monitoring and anomaly detection on code repositories. Stricter controls and verification processes for GitHub Actions and automated workflows can prevent malicious commits from compromising CI/CD pipelines, which is essential for maintaining the integrity and security of the software supply chain.
