GitHub hit with another major attack - Megalodon hits over 5,000 repos with malware-laden commits
Date:
Mon, 25 May 2026 15:05:00 +0000
Description:
A TeamPCP copycat was just spotted hitting thousands of GitHub repos with an infostealer.
FULL STORY ======================================================================
SafeDep researchers uncovered Megalodon, a TeamPCP-inspired campaign infecting over 5,500 GitHub repositories with an infostealer targeting CI/CD secrets.
The worm-like attack spreads via malicious commits from a fake buildbot, stealing cloud keys, SSH credentials, and DevOps configs, with npm packages like Tiledesk inadvertently published from poisoned repos.
Unlike TeamPCP's forum competition, Megalodon appears to be a separate copycat actor motivated by recent supply-chain attacks, posing risks to both maintainers and downstream users.

It seems we've gotten our first TeamPCP copycat, and it's called Megalodon.
Late last week, security researchers SafeDep reported finding more than 5,500 GitHub repositories infected with an infostealer that grabs all sorts of secrets from victim developers' CI/CD pipeline. In an in-depth report published on its blog, SafeDep explained that the attack starts with a submitted malicious commit. The threat actor, named build-bot, faked being a bot that submits automated commits. If these commits, carrying the infostealer, are accepted by the maintainer, they nab all sorts of secrets before propagating to other repos in classic worm fashion.
Among other things, Megalodon was observed grabbing AWS secret keys and Google Cloud access tokens, instance role credentials from AWS, GCP, and Azure, SSH private keys, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, and more.

Pushing to npm

At this stage of the attack, the only people at risk are GitHub maintainers. However, if they push their repos to npm, which many do, end users may get compromised as well. SafeDep detailed how this scenario happened to the maintainers of Tiledesk:
Versions 2.18.6 (May 19) through 2.18.12 (May 21) all carry the backdoor. The same npm account, eljohnny (giovanni@tiledesk.com), published both the clean 2.18.5 and the compromised versions. The attacker never touched the npm account. They compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it.
In its writeup, The Register says that TeamPCP, the threat actor now known for targeting GitHub and npm, recently started a supply chain attack competition on Breach Forums, but stressed that Megalodon is likely not part of that competition.

Instead, this seems to be an entirely separate threat actor that was simply motivated by TeamPCP's activities to start their own malicious campaign.
The full list of compromised repositories can be found on this link.
Via The Register
======================================================================
Link to news story:
https://www.techradar.com/pro/security/github-hit-with-another-major-attack-megalodon-hits-over-5-000-repos-with-malware-laden-commits
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)