Megalodon Mass Github Repo Backdooring Ci Workflows
Source: safedep.io
Published:
<p>On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities ( build-bot , auto-ci , ci-bot , pipeline-bot ), the attacker injected GitHub Actions workflows contai