One of the most aggressive supply chain attacks in recent memory has struck the developer ecosystem. A campaign dubbed Megalodon has compromised over 5,500 GitHub repositories in just a few hours, injecting malicious workflows into CI/CD pipelines and exposing sensitive credentials at scale.

The Megalodon GitHub supply chain attack represents a dangerous escalation in automated DevOps-targeted threats, showing how attackers can weaponize trusted automation systems to infiltrate global software infrastructure.

Key Details

According to security researchers, the attack unfolded on May 18, 2026, between 11:36 and 17:48 UTC, during which:

5,718 malicious commits were pushed
5,561 repositories were affected
Attack executed in under 6 hours

The attackers used throwaway GitHub accounts with randomized usernames and impersonated automation systems with identities such as:

build-bot
auto-ci
pipeline-bot

Commit messages like “ci: add build optimization step” were crafted to appear legitimate, allowing them to slip through casual reviews.

Technical Analysis

Workflow Poisoning via GitHub Actions

The Megalodon campaign focused on CI/CD workflow manipulation using GitHub Actions.

Two primary payload variants were deployed:

1. SysDiag (Mass Variant)

Created .github/workflows/ci.yml
Triggered on push and pull_request_target
Ensured execution on every repository update

2. Optimize-Build (Targeted Variant)

Replaced existing workflows
Introduced workflow_dispatch trigger
Remained dormant until activated remotely

The second variant was particularly stealthy, producing no visible CI runs or errors, allowing attackers to maintain hidden persistence.

Credential Harvesting Payload

The injected workflows contained a base64-encoded Bash script (~111 lines) designed for large-scale data exfiltration.

Once triggered, it collected:

CI environment variables and /proc data
AWS, Azure, and GCP credentials
IAM metadata from cloud instances (IMDS endpoints)
SSH keys, Kubernetes configs, Docker credentials
Terraform and Vault secrets
.npmrc, .netrc, and API tokens

The payload also:

Scanned source code for secrets using regex patterns
Extracted GitHub OIDC tokens for cloud impersonation

This enabled attackers to move beyond repositories into cloud environments, dramatically increasing impact.

Command-and-Control (C2) Communication

Both workflow variants connected to a shared C2 server:

hxxp://216[.]126[.]225[.]129:8443

This centralized infrastructure allowed attackers to:

Control execution
Exfiltrate stolen data
Trigger dormant backdoors

Impact and Risks

Massive Ecosystem Exposure

The attack compromised thousands of repositories across:

Open-source projects
Enterprise codebases
CI/CD automation pipelines

Key Risks

Credential theft across multiple cloud providers
CI/CD pipeline compromise
Unauthorized cloud access via OIDC tokens
Hidden persistence through dormant workflows
Supply chain propagation into downstream applications

Real-World Example: Tiledesk

One of the most concerning downstream impacts involved Tiledesk, an open-source platform.

Attackers modified its GitHub workflow
Maintainer unknowingly published compromised versions
npm packages @tiledesk/tiledesk-server (v2.18.6–2.18.12) were affected

Notably, the application code remained clean, highlighting how attacks can propagate solely through pipeline compromise.

Expert Recommendations

Immediate Actions

Revert suspicious commits from May 18, 2026
Audit all .github/workflows/ files
Rotate all exposed credentials, including:
- Cloud keys (AWS, Azure, GCP)
- API tokens
- SSH keys

Secure CI/CD Pipelines

Require approval for external pull request workflows
Disable unnecessary workflow triggers like pull_request_target
Implement workflow execution restrictions

Strengthen Dependency and Access Controls

Pin GitHub Actions to specific commit SHAs
Avoid mutable version tags
Restrict OIDC token permissions

Detection and Monitoring

Monitor for unusual workflow_dispatch events
Audit logs for abnormal cloud identity usage
Use automated tools to scan for malicious workflows

Industry Context

The Megalodon campaign marks a new phase in supply chain attacks:

Shift from code injection → workflow poisoning
Targeting CI/CD pipelines instead of applications
Leveraging automation trust to scale attacks rapidly

This aligns with recent trends where attackers exploit:

GitHub Actions
OIDC authentication flows
Developer automation pipelines

Unlike traditional attacks, these campaigns are:

Highly automated
Difficult to detect through code review
Capable of spreading at ecosystem scale

Conclusion

The Megalodon GitHub supply chain attack demonstrates how modern cyber threats are evolving beyond vulnerabilities in code to exploit the infrastructure that builds and deploys software.

By compromising CI/CD workflows, attackers can bypass traditional defenses, steal sensitive credentials, and propagate malicious activity across thousands of projects in hours.

For organizations, the lesson is clear:
Securing the pipeline is now as critical as securing the code itself.

FAQ SECTION

1) What is the Megalodon attack?

It is a large-scale GitHub supply chain attack that injected malicious CI/CD workflows into over 5,500 repositories.

2) How did the attack work?

Attackers pushed malicious GitHub Actions workflows disguised as legitimate updates, which executed scripts to steal credentials.

3) What data was targeted?

Cloud credentials, API keys, SSH keys, environment variables, and GitHub OIDC tokens.

4) Why is this attack dangerous?

Because it compromises the CI/CD pipeline, allowing attackers to access both code and cloud infrastructure.

5) How can organizations protect themselves?

By auditing workflows, rotating credentials, restricting permissions, and securing CI/CD pipelines.