GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
Source: Csoonline
Published:
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep.

Researchers at SafeDep observed the campaign, Megalodon, touching more than five thousand repositories over a six-hour window