
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
From RADIO 007 by RADIO007
June 1, 2026 · 4 min
About this episode
The episode discusses the Megalodon supply chain attack that infected over 5,500 GitHub repositories.
www.osintinvestigate.com Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.
Topics covered
- cybersecurity
- supply chain attack
- GitHub
- credential theft
- CI secrets
Keywords
- GitHub
- Megalodon
- supply chain
- attack
- credentials
- CI secrets
- payloads
- tokens
Mentioned in this episode
Organizations: GitHub, osintinvestigate.com
More episodes of RADIO 007
- FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins · June 5, 2026 · 9 min
- Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites · June 5, 2026 · 5 min
- Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months · June 4, 2026 · 4 min
- Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS · June 4, 2026 · 5 min
- FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads · June 4, 2026 · 5 min
- Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT · June 2, 2026 · 3 min
Explore listener stats, chart rankings, contacts and more on the RADIO 007 podcast page.