An attack campaign named "Megalodon" has targeted GitHub repositories, injecting malware that steals credentials and developer secrets. Over 5,700 malicious commits were made to more than 5,500 repositories in a span of six hours. The malware abuses GitHub Actions workflows to exfiltrate sensitive information to a command-and-control server. The incident is part of a concerning trend of supply chain attacks aimed at software infrastructure.
Experts speculate that the attackers used previously stolen credentials and suggest a potential link to the group TeamPCP. Recommendations include blocking connections to the malware's server and auditing GitHub repositories for threats.