Megalodon Attack Poisons Thousands of GitHub Repos via CI/CD Hijacking
Someone has been systematically targeting GitHub repositories at scale. A campaign researchers are calling Megalodon has gone after 5,561 repos by injecting malicious CI/CD workflows, the kind of supply chain attack that can quietly compromise software before it ever ships.
The mechanics are fairly brazen. Attackers submitted pull requests containing tampered GitHub Actions workflow files. If maintainers merge without scrutiny, malicious code runs inside the CI pipeline with whatever secrets and permissions that environment holds. Tokens, credentials, environment variables. All of it potentially in play.
Scale is the point here. Rather than picking high-value targets carefully, Megalodon appears to have cast a wide net across public repositories. Five and a half thousand repos is not surgical. It is a volume play, betting that enough maintainers will click merge without reading the diff closely enough.
CI/CD pipelines have become an increasingly attractive attack surface precisely because developers trust them. The pipeline runs automatically, often with elevated permissions, and most teams are not auditing workflow changes with the same rigour they would apply to application code. That asymmetry is exactly what this campaign exploits.
This is not the first time GitHub Actions has been weaponised this way, and it will not be the last. The pattern is well established at this point: find a trusted automation surface, abuse the implicit trust developers place in it, extract whatever credentials or tokens are accessible.
For maintainers, the immediate takeaway is straightforward. Treat workflow file changes in pull requests from unknown contributors as high-risk. Review them carefully. Restrict what secrets are exposed to workflows triggered by external PRs. GitHub provides controls for this, specifically limiting access for first-time contributors, and they exist for a reason.
The broader picture is that supply chain attacks via CI/CD are becoming routine enough to warrant treating them as a baseline threat rather than an edge case.