Cybersecurity researchers have disclosed details of a new
automated campaign called Megalodon that has pushed 5,718 malicious
commits to 5,561 GitHub repositories within a six-hour window.
"Using throwaway accounts and forged author identities (build-bot,
auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub
Actions workflows containing base64-encoded bash payloads that
exfiltrate CI
Read more https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html
