Find notable cyber news and cases, enriched with sources, timelines, and signals.

Megalodon GitHub CI/CD supply-chain campaign

Campaign
First reported
Last updated
Happening score
H score 50
1 unique sources, 1 articles

Summary

Hide ▲

The Megalodon campaign pushed 5,718 malicious commits into 5,561 GitHub repositories in about six hours, creating a broad CI/CD secret-theft risk across developer projects. Attackers used throwaway accounts and forged CI-style author identities to hide malicious GitHub Actions workflows inside ordinary-looking commits. Once merged, the workflows executed in pipelines and exfiltrated cloud credentials, SSH keys, OIDC tokens, and source-code secrets to a remote C2 server. The scale and automation make many repositories repeatable secret-harvesting targets.

Related Happenings

Single organization's private GitHub repository cloned after confirmed access

Data Leak
H score12 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...

GitHub API enumeration campaign targeting corporate organizations

Campaign
H score17 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
H score27 First: 07.07.2026 17:04 Last: 07.07.2026 17:04 Sources 1

About this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...

Codfish/semantic-release-action hit by network compromise

Incident
H score21 First: 26.06.2026 14:05 Last: 26.06.2026 14:05 Sources 1

About this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...

CI/CD pull-request privilege-escalation flaw (Cordyceps)

Vulnerability
H score32 First: 24.06.2026 15:48 Last: 24.06.2026 15:48 Sources 1

About this happening: **Cordyceps** exposed a **CI/CD workflow privilege-escalation flaw** in **pull-request automation** that let **unauthenticated users** hijack privileged workflows and reach open-s...

Timeline

  1. 22.05.2026 14:55 2 articles · 1mo ago

    Initial report: Megalodon GitHub CI/CD supply-chain campaign

    Initial Disclosure

    The first phase focused on slipping malicious commits into repositories under forged CI-style identities. Those commits planted GitHub Actions workflows that could execute after merge and immediately start harvesting credentials from build environments.

    Show sources