Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Jump to main content

REG AD

Security

Megalodon chums the waters in 5.5K+ GitHub repo poisonings Will Jason Statham save us?

Jessica Lyons Jessica Lyons

Published fri 22 May 2026 // 19:57 UTC

A malware-spreading scumbag swimming through GitHub pushed malicious commits to more than 5,500 repositories on Monday as part of an automated campaign called Megalodon.Similar to the earlier TeamPCP attacks that poisoned about 3,800 GitHub repositories, this new campaign has so far infected 5,561 repos with CI/CD credential-stealing malware, according to SafeDep researchers, who uncovered the predatory commits and published a full list of the compromised repositories.If a repository owner merges the commit, the malware executes inside their CI/CD pipeline and propagates further, Ox Security lead researcher Moshe Siman Tov Bustan said in a Thursday blog post.

REG AD

Megalodon steals AWS secret keys and Google Cloud access tokens. It also queries AWS, Google Cloud Platform, and Azure metadata for instance role credentials, reads SSH private keys, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, and scans source code for more than 30 secret regex patterns. Then it exfiltrates GitHub tokens, including secrets used to authenticate with cloud providers, thus allowing attackers to impersonate developers’ cloud identities, along with Bitbucket tokens.

REG AD

In other words: consider ALL of your CI/CD variables pwned."We’ve entered a new supply chain attack era, and TeamPCP compromising GitHub was only the beginning,” Bustan told The Register. “What’s coming next is an endless wave, a tsunami of cyber attacks on developers worldwide.”Plus, he added, hacking GitHub “compromises the security of every company with a private repository hosted on the platform.” Malicious code is still reaching their servers, and nothing is stopping it before it does

This new wave of supply chain attacks hitting developers’ environments won’t stop until “companies like npm and GitHub take serious action against the spread of malicious code on their servers,” Bustan said.He noted npm’s statement on X saying it “invalidated npm granular access tokens with write access that bypass 2FA” to prevent additional supply-chain attacks like Mini Shai Hulud.“That could help a little with account hijacking, but it doesn’t solve the actual problem,” Bustan said. “Malicious code is still reaching their servers, and nothing is stopping it before it does.”npm … but not TeamPCPSafeDep spotted Megalodon hidden inside a legitimate package: Tiledesk, an open source live chat and chatbot platform. The attacker backdoored versions 2.18.6 (May 19) through 2.18.12 (May 21), and the same npm maintainer published the last clean version, 2.18.5, before unknowingly publishing these newer compromised versions. 

REG AD

“The attacker never touched the npm account,” the open source supply-chain security startup researchers said. “They compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it.”While publishing malicious packages on npm is a TeamPCP signature move, Bustan said there’s no threat-intel or code-analysis evidence that connects Megalodon to the crew behind the Trivy, Checkmarx, and other recent supply-chain attacks. “Our best guess now is that it's a different threat actor copying their behavior and style, but not much of the code itself,” he told us.And despite TeamPCP open sourcing its Shai-Hulud worm and announcing a supply-chain attack competition on BreachForums, Ox doesn’t believe Megalodon is a contest entry.“We have indications that they are not participating in the TeamPCP contest due to the contest having a specific rule to add a public encryption key that the actor behind the malware could match with his private key to prove his involvement,” Bustan said.Who is built-bot?SafeDep’s threat hunters traced the malicious commit (acac5a9) to an author “build-bot,” connected to the email address build-system[@]noreply.dev with the message “ci: add build optimization step.” MORE CONTEXT GitHub says internal repos exfiltrated after poisoned VS Code extension attack

Shai-Hulud copycat worm infects yet another npm package

TanStack weighs invitation-only pull requests after supply chain attack

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

The author name and noreply email mimic automated CI commits, and there’s no GitHub account linked to the author and committer user fields. “Someone pushed the commit to master with no PR and no merge commit, using a compromised PAT or deploy key,” according to the researchers. They searched GitHub for other commits authored by the same email address and found 2,878 results, plus a second email, ci-bot@automated.dev, with an additional 2,841 commits. All landed May 18 during a six-hour window (11:36 to 17:48 UTC) and targeted 5,561 repositories.

REG AD

This includes nine compromised Tiledesk repositories: tiledesk-server, tiledesk-dashboard, tiledesk-telegram-connector, tiledesk-llm, tiledesk-docker-proxy, tiledesk-community-app, tiledesk-campaign-dashboard, tiledesk-helpcenter-template, and tiledesk-ai. Others include Black-Iron-Project with eight compromised repos, WISE-Community, and hundreds of smaller repositories. ®

github cicd supply chain attack security megalodon malware

REG AD

Ucell and ZTE complete large-scale deployment of AI‑Powered green network solution in Uzbekistan

Network-wide rollout boosts energy efficiency by 10.6%, cutting carbon emissions and operational costs without compromising user experience

SaaS

The SaaS-pocalypse can wait, Salesforce still has customers where it wants them

AI coding agents may make software cheaper to build, but switching off major platforms remains expensive, risky, and deeply annoying

ZTE Day Indonesia 2026 strengthens AI innovation and digital infrastructure collaboration to accelerate Indonesia's digital transformation

The annual tech showcase highlights next-gen AI, cloud, and future-ready ICT solutions while uniting ecosystem partners to build the foundation for the nation's AI era

Personal Tech

HP customer claims firmware update shoved printer off support cliff

Internal notes point to cloud connectivity woes for older OfficeJets, though company denies systemic issue

Columnists

Utah tells porn sites to take the P out of VPNs, and it's their fault that they can't

Governments can't touch VPNs technically or commercially. The mess they'll make if they try will be off the scale