Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Friday, May 22, 2026 at 11:55 AM UTC·Source: The Hacker News

Updated: Friday, May 22, 2026 at 01:00 PM UTC

Executive Summary

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI

Analysis

Source Attribution

Originally published by The Hacker News on May 22, 2026.

Related Threats

MEDIUMVulnerability

Spain arrests doxer leaking sensitive data of govt employees

The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...]

1h agoBleepingComputer

MEDIUMVulnerability

Inspector general finds NIST mistakes have made vulnerability database ineffective

NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust," according to an inspector general report.

2h agoThe Record

MEDIUMVulnerability

Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight

The former Colorado election clerk struck an unrepentant pose in her first interview after her prison sentence was commuted by Colorado Governor Jared Polis. The post Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight appeared first on CyberScoop .

3h agoCyberScoop