Megalodon: Malicious CI/CD workflows on GitHub affected 5,561 repositories

Colleagues — please note: security teams uncovered the Megalodon campaign. Within six hours, attackers injected malicious GitHub Actions workflows into thousands of repositories.
- SafeDep counted 5,718 commits across 5,561 repositories, pushed from throwaway accounts with forged author identities.
- The workflows carry base64-embedded scripts that exfiltrate CI variables, cloud credentials, SSH keys, OIDC/GitHub tokens and other secrets to a C2 server.
- Two vectors were identified: a mass SysDiag workflow (triggered on: push) and a targeted Optimize-Build workflow (triggered via workflow_dispatch); because the code runs after merge, the compromise spreads through downstream pipelines.
Why it matters: CI/CD compromise grants broad access to secrets and infrastructure.
What will you do to protect CI/CD?
#cybersecurity #supplychain #GitHub #CI_CD
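As an added defensive example (not code from the post or from SafeDep), a small scanner that flags the pattern described above in a workflow file: a run step that decodes an embedded base64 blob straight into a shell, plus the two workflow names the post reports as indicators. The sample workflows are constructed for the example.

```python
import re

# Heuristics for the pattern the post describes: an inline `run:` step that
# decodes an embedded base64 blob and pipes it straight into a shell.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
DECODE_TO_SHELL = re.compile(r"base64\s+(-d|--decode|-D)\b.*\|\s*(ba)?sh\b")
# Workflow names taken from the post; treat a match as an indicator, not proof.
SUSPECT_NAMES = ("SysDiag", "Optimize-Build")

def scan_workflow(text):
    """Return (reason, line_no) findings for the text of one workflow file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith("name:") and any(n in s for n in SUSPECT_NAMES):
            findings.append(("workflow name matches a campaign indicator", no))
        if DECODE_TO_SHELL.search(line):
            if B64_BLOB.search(line):
                findings.append(("embedded base64 blob decoded into a shell", no))
            else:
                findings.append(("base64 decode piped into a shell", no))
    return findings

# Constructed sample workflows (not taken from any real repository).
BENIGN = """\
name: CI
on: push
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm test
"""

# The blob is base64 of "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", a placeholder.
SUSPECT = """\
name: SysDiag
on: push
jobs:
  diag:
    runs-on: ubuntu-latest
    steps:
      - run: echo QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5 | base64 -d | bash
"""

if __name__ == "__main__":
    for label, wf in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_workflow(wf))
```

Run it over every file under .github/workflows/ in a repository to get a first triage list; findings still need a human look, since legitimate workflows occasionally decode base64 too.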