The "Megalodon" Campaign: 5718 malicious commits to 5561 GitHub repos
Β·
0 reactions
Β·
0 comments
Β·
11 views
π¨ The "πΌππππππππ" Campaign is live... π»,π½π·πΎ malicious commits to π»,π»πΌπ· GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected πΆπππ·ππ π°ππππππ workflows containing πππππΌπΊ-πππππππ bash payloads that exfiltrate: - CI secrets, - cloud credentials - SSH keys - OIDC tokens - source code secrets Check your repo / Technical details: https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
Original article
Nitter
Anonymous Β· no account needed
Discussion
0 commentsMore from Nitter
The craziest steroid Olympics ended in total embarrassment
NitterΒ·12
Russian censors target Visual Novel titles on Steam
NitterΒ·24
APKPure is distributing a malicious copy of Telegram
NitterΒ·17
Qwen 3.7 Max is on OpenRouter: $2.5 in, $7.5 out
NitterΒ·12
FBI faked a cryptocurrency to catch fraudulent market makers
NitterΒ·11
Why does Kalshi share your user id to Wall Street market makers in RFQ API?
NitterΒ·11