GitHub hit with another major attack — Megalodon hits over 5,000 repos with malware-laden commits
SafeDep said the worm stole CI/CD secrets and spread through malicious commits, affecting cloud keys, SSH credentials and other developer data.
6 Articles
GitHub hit with another major attack — Megalodon hits over 5,000 repos with malware-laden commits
A TeamPCP copycat was just spotted hitting thousands of GitHub repos with an infostealer.
Megalodon cyberattack infects 5,500 GitHub repositories, report says
A new report in Security Week warns about a cyberattack that infected 5,561 GitHub open-source repositories with malware. Cybersecurity researchers at SafeDep detailed how the May 18 supply chain attack, dubbed Megalodon, took advantage of GitHub Actions workflows to ultimately harvest user credentials and other data. A full list of the compromised GitHub repositories is available in the SafeDep security report. The report also details how the hac…
What was the Megalodon GitHub supply-chain attack?
Megalodon: malware-laced commits hit thousands of repositories. A supply chain attack dubbed Megalodon used automated commits to compromise open source software distribution via GitHub. Security researchers identified the campaign infecting over 5,500 GitHub repositories, with the malicious…
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek.
Coverage Details
Bias Distribution
- 50% of the sources lean Left, 50% of the sources are Center


