LOWSupply Chain
Global

Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors

·Source: Bank Info Security

Updated:

Executive Summary

Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal Secrets More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicio

Analysis

Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal Secrets More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said.

Indicators of Compromise (2)

URL (1)
https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/automated-megalodon-campaign-spreads-github-repo-backdoors-image_small-9-a-31772.jpg
VirusTotalURLhaus
Domain (1)
ismg-cdn.nyc3.cdn.digitaloceanspaces.com
VirusTotalURLhaus
Source Attribution

Originally published by Bank Info Security on May 26, 2026.

Related Threats

MEDIUMSupply Chain

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

The Hacker News
CRITICALSupply Chain

Cybersecurity trends in SEC filings

In 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybersecurity. This section is meant to address “cybersecurity risk management, strategy, governance and incidents.” I got curious as to what senior cybersecurity executives are conveying about their companies in these reports. I turned this into

CSO Online
MEDIUMSupply Chain

AI-Generated npm Malware Leaks Its Own GitHub Token

Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Infosecurity Magazine