Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

Tuesday, May 26, 2026 at 07:47 PM UTC·Source: Dark Reading

Updated: Tuesday, May 26, 2026 at 10:00 PM UTC

Executive Summary

In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.

Analysis

In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.

Source Attribution

Originally published by Dark Reading on May 26, 2026.

Related Threats

MEDIUMMalware

From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market

DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]

1d agoBleepingComputer

MEDIUMMalware

Dutch govt disrupts malware botnet with 17 million infected devices

Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]

1d agoBleepingComputer

MEDIUMMalware

BTMOB Android malware service generates custom phishing payloads

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]

2d agoBleepingComputer