
Megalodon stalks over 5,000 GitHub repos in new assault on open source

A new malware campaign that hijacks GitHub repositories through malicious automated workflows is threatening open-source projects with a further barrage of supply chain attacks.

Image: Megalodon campaign hijacks GitHub (image by Cybernews).

Ann-Marie Corvin, Senior Journalist
May 22, 2026

Why the focus on workflows?

How the campaign worked

  • build-bot
  • auto-ci
  • ci-bot
  • pipeline-bot
Image: Open source software developers are beginning to experience déjà vu following a wave of similar repo attacks (image by Cybernews).
“Tiledesk shows how repository compromise cascades to package registries. Code review would catch this, but nobody reviews workflow files in npm packages.”
SafeDep researchers

Open source under attack

Researchers argue that platforms such as npm and GitHub should adopt much stronger security and moderation practices.
“Malicious code should be treated the way harmful content is treated on social media – flagged, taken seriously, and removed before it ever reaches end users.”
Ox Security
