Skip to content
The Nexus
SECURITYMay 22 · 18:57 UTCTHE REGISTER

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

A malware campaign called Megalodon poisoned over 5,500 GitHub repositories with CI/CD credential-stealing malware, stealing AWS keys, Google Cloud tokens, and other sensitive credentials. The attack, discovered by SafeDep researchers, was distributed through a compromised Tiledesk package on npm, marking an escalation in supply chain attacks targeting developers.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting