Researchers disclosed a large-scale software supply chain campaign dubbed “Megalodon,” in which attackers reportedly compromised thousands of GitHub repositories by injecting malicious GitHub Actions workflows designed to exfiltrate secrets and cloud credentials. The campaign ...

Researchers disclosed a large-scale software supply chain campaign dubbed “Megalodon,” in which attackers reportedly compromised thousands of GitHub repositories by injecting malicious GitHub Actions workflows designed to exfiltrate secrets and cloud credentials. The campaign ...

Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/megalodon-campaign-backdoors-github-repositories-via-ci-workflow-compromise