GitHub hit with another major attack — Megalodon hits over 5,000 repos with malware-laden commits

  • SafeDep researchers uncovered Megalodon, a TeamPCP‑inspired campaign infecting over 5,500 GitHub repositories with an infostealer targeting CI/CD secrets
  • The worm‑like attack spreads via malicious commits from a fake “build‑bot,” stealing cloud keys, SSH credentials, and DevOps configs, with npm packages like Tiledesk inadvertently published from poisoned repos
  • Unlike TeamPCP’s forum “competition,” Megalodon appears to be a separate copycat actor motivated by recent supply‑chain attacks, posing risks to both maintainers and downstream users

It seems we’ve gotten our first TeamPCP copycat, and it’s called Megalodon.

Late last week, security researchers at SafeDep reported finding more than 5,500 GitHub repositories infected with an infostealer that grabs all sorts of secrets from victim developers’ CI/CD pipelines.

In an in-depth report published on its blog, SafeDep explained that the attack starts with a malicious commit. The threat actor, named “build-bot”, posed as a bot that submits automated commits. If these commits, carrying the infostealer,...

Copyright of this story solely belongs to techradar.com.

Read more

Tenable Sharpens Exposure Management Risk Prioritization with Continuous Security Control Validation

Tenable® Holdings, Inc., the exposure management company, today announced extended continuous security control and validation capabilities within the Tenable One Exposure Management Platform. With security control visibility and evidence-based, contextualized insights, Tenable One confirms which cyber exposures are truly accessible and exploitable for more precise prioritization and overall risk reduction.