5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
Cybersecurity firm SafeDep has disclosed a large automated attack on the software platform GitHub that targeted 5,561 repositories (software storage locations). Named Megalodon, the campaign pushed 5,718 fake code updates in a six-hour window on 18 May 2026. SafeDep detected Megalodon with its code-scanning tool, Malysis, which flagged malicious scripts hidden inside otherwise clean files.
The attackers used throwaway GitHub accounts with random eight-character names to hide their tracks, and set the author identity on their commits to look like official automated services, using fake names such as build-bot, auto-ci, ci-bot, and pipeline-bot.
The attack came at about the same time the TeamPCP hackers announced they had compromised a GitHub employee's device and breached 3,800 repositories through a malicious VS Code extension, a sign that developers are being actively targeted.
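A practical check a repository owner can run against this tactic is to audit commit history for author identities that read like CI automation but are not on the organisation's allowlist of real bots, or that lack a verifiable signature. The script below is an added example, not SafeDep's or GitHub's tooling; the allowlist contents, the bot-name pattern and the sample log lines are assumptions constructed for illustration, and the input format is the output of `git log --format='%h|%an|%ae|%G?|%s'`.

```python
"""Flag commits whose author identity impersonates a CI/automation bot.

Added example (not SafeDep's or GitHub's code). Input is the output of
  git log --format='%h|%an|%ae|%G?|%s'
where %G? is git's signature status: G good, U good but key untrusted,
N unsigned, B bad, E/X/Y/R other verification problems.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed allowlist: automation identities this organisation trusts, mapped to
# the exact author email they commit with. Adjust for your own bots.
KNOWN_BOTS = {
    "github-actions[bot]": "41898282+github-actions[bot]@users.noreply.github.com",
    "dependabot[bot]": "49699333+dependabot[bot]@users.noreply.github.com",
}

# Author names that read like automation (build-bot, auto-ci, ci-bot,
# pipeline-bot, ...). The token must stand alone, so "Alice" does not match.
BOT_LIKE = re.compile(r"(?i)(^|[^a-z0-9])(bot|ci|pipeline|automation)([^a-z0-9]|$)")

TRUSTED_SIG = {"G", "U"}  # signature verified (U: good, but key not in local trust db)

# Constructed sample log; the hashes and identities are made up for this example.
SAMPLE_LOG = """\
1a2b3c4|build-bot|build-bot@example.com|N|chore: refresh build scripts
5d6e7f8|github-actions[bot]|41898282+github-actions[bot]@users.noreply.github.com|G|ci: bump action versions
9a0b1c2|auto-ci|auto-ci@ci.example.com|N|fix: update setup script
d3e4f5a|Alice Example|alice@example.com|G|feat: add retry to client
b6c7d8e|dependabot[bot]|dependabot@example.com|N|build(deps): bump lodash
"""


@dataclass
class Finding:
    commit: str
    author: str
    reason: str


def parse_log(text: str) -> list[dict]:
    """Split pipe-delimited git log lines into records; the subject may contain '|'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, name, email, sig, subject = line.split("|", 4)
        records.append({"sha": sha, "name": name, "email": email, "sig": sig, "subject": subject})
    return records


def audit(records: list[dict]) -> list[Finding]:
    """Return one Finding per commit whose author identity is suspect."""
    findings = []
    for r in records:
        name, email, sig = r["name"], r["email"], r["sig"]
        if name in KNOWN_BOTS:
            # Real bot name: the email must match exactly and the commit must verify.
            if email != KNOWN_BOTS[name]:
                findings.append(Finding(r["sha"], name, f"known bot name with unexpected email {email}"))
            elif sig not in TRUSTED_SIG:
                findings.append(Finding(r["sha"], name, f"known bot commit not verifiably signed (status {sig})"))
        elif BOT_LIKE.search(name):
            # Looks like automation but is not a bot we recognise at all.
            findings.append(Finding(r["sha"], name, f"automation-style author not on allowlist (signature status {sig})"))
        elif sig == "B":
            findings.append(Finding(r["sha"], name, "bad signature"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_log(SAMPLE_LOG)):
        print(f"{f.commit} {f.author!r}: {f.reason}")
```

Run it over real history with `git log --format='%h|%an|%ae|%G?|%s' | python3 audit_bots.py` (adapting the `__main__` block to read stdin). The random eight-character account names the attackers used are not visible in `git log`, which only records the author string the pusher chose; catching those needs the GitHub audit log or push webhook events, where the pushing account is recorded separately from the commit author.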
Hidden Backdoors in System Files
According to SafeDep's blog post, the attackers relied on two main automated code techniques, one of which is...
Copyright of this story solely belongs to hackread.com, where the full text is available.