www.darkreading.com 5/26/2026, 8:21:18 PM · external

Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

Primary Source safedep.io

An attack campaign named "Megalodon" has targeted GitHub repositories, injecting malware that steals credentials and developer secrets. Over 5,700 malicious commits were made to more than 5,500 repositories in a span of six hours. The malware exploits GitHub Actions workflows to exfiltrate sensitive information to a command-and-control server. This event follows a concerning trend of supply chain attacks aimed at software infrastructure.

Experts speculate that the attackers used previously stolen credentials and suggest a potential link to the group TeamPCP. Recommendations include blocking connections to the malware's server and auditing GitHub repositories for threats.

Article by CyberSIXT
