VMTech
VMTECH · INSTAGRAM

Megalodon: Malicious CI/CD workflows on GitHub affected 5,561 repositories

Colleagues — please note: security teams uncovered the Megalodon campaign. Within six hours attackers injected malicious GitHub Actions into thousands of repositories.

- SafeDep: 5,718 commits across 5,561 repositories from throwaway accounts and forged authors.
- Embedded base64 scripts exfiltrate CI variables, cloud credentials, SSH keys, OIDC/GitHub tokens and other secrets to a C2.
- Two vectors identified: mass SysDiag (on: push) and targeted Optimize-Build (workflow_dispatch); post-merge execution spreads the compromise through pipelines.

Why it matters: CI/CD compromise grants broad access to secrets and infrastructure.

What will you do to protect CI/CD?
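One place to start is auditing `.github/workflows` for the pattern described above. The sketch below is an added example, not code from this post or from SafeDep: the function names and heuristics are assumptions, the only campaign details used are the two workflow names and triggers listed above, and the sample workflow is a constructed, harmless fragment.

```python
import base64
import re

# Names and triggers come from the post; the heuristics are this example's assumptions.
REPORTED_NAMES = {"sysdiag", "optimize-build"}
REPORTED_TRIGGERS = {"push", "workflow_dispatch"}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
DECODE_CALL = re.compile(r"base64\s+(?:-d|-D|--decode)\b")

def triggers(text):
    """Event names under the top-level `on:` key (inline or block form)."""
    m = re.search(r"^on:[ \t]*(.*)$", text, re.M)
    if not m:
        return set()
    inline = m.group(1).split("#")[0]
    if inline.strip():
        return set(re.findall(r"[a-z_]+", inline))
    found, indent = set(), None
    for line in filter(str.strip, text[m.end():].splitlines()):
        depth = len(line) - len(line.lstrip())
        if depth == 0:  # next top-level key ends the `on:` block
            break
        indent = indent or depth
        key = re.match(r"\s*([a-z_]+)\s*:", line)
        if key and depth == indent:
            found.add(key.group(1))
    return found

def text_blobs(text):
    """Long base64 runs that decode to printable text (pinned SHAs do not)."""
    out = []
    for blob in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        if all(32 <= b < 127 or b in (9, 10, 13) for b in raw):
            out.append(raw.decode("ascii"))
    return out

def audit(text):
    name = re.search(r"^name:[ \t]*(.+)$", text, re.M)
    name = name.group(1).strip(" \t'\"").lower() if name else ""
    blobs, trig = text_blobs(text), triggers(text) & REPORTED_TRIGGERS
    return {"reported_name": name in REPORTED_NAMES, "triggers": trig,
            "decoded": blobs, "suspicious": bool(blobs and trig and DECODE_CALL.search(text))}

# Constructed, harmless workflow fragment (not taken from the campaign).
_B64 = base64.b64encode(b'echo "constructed benign sample payload"').decode()
SAMPLE = f"name: SysDiag\non: push\njobs:\n  d:\n    steps:\n      - run: echo {_B64} | base64 -d | bash\n"
```

Run `audit()` over each workflow file in a repository and review anything marked `suspicious` by reading the `decoded` text; a name match alone is only a hint, since names are trivial to change.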

#cybersecurity #supplychain #GitHub #CI_CD
