TeamPCP Compromises 5561 GitHub Repositories via Malicious CI/CD Workflows
Source: Rescana
Published:
<p>A sophisticated and highly automated supply chain attack, designated as the Megalodon campaign, has compromised 5,561 public GitHub repositories by injecting malicious CI/CD workflows . The attack, executed within a six-hour window on May 18, 2026, leveraged compromised developer credentials to p