On May 18, 2026, an automated supply‑chain campaign called “Megalodon” pushed 5,718 malicious commits into 5,561 GitHub repositories in about six hours by inserting poisoned GitHub Actions workflows that attempted to... Attackers disguised commits as routine CI automation using fake bot identities and forged metadat...

Create a landscape editorial hero image for this Studio Global article: What happened in the “Megalodon” GitHub supply chain attack on May 18, 2026, how were attackers able to inject 5,700+ malicious commits into. Article summary: “Megalodon” was a fast, automated GitHub supply-chain campaign on May 18, 2026 that pushed 5,718 malicious commits into 5,561 public repositories in roughly six hours by slipping poisoned GitHub Actions workflows into re. Topic tags: general, general web, documentation, user generated. Reference image context from search candidates: Reference image 1: visual subject "On May 18, 2026, an automated campaign codenamed `megalodon` pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged a" source context "Megalodon: Mass GitHub Repo Backdooring via CI Workflows" Reference image 2: visual subject "A sophis
On May 18, 2026, security researchers uncovered a fast‑moving software supply‑chain attack dubbed “Megalodon.” In roughly six hours, attackers pushed 5,718 malicious commits into 5,561 GitHub repositories, one of the largest automated repository‑poisoning campaigns recorded against the platform.
Instead of altering application code, the attackers injected malicious GitHub Actions workflow files. These workflows executed inside CI/CD pipelines and attempted to harvest secrets and credentials whenever the repository’s automation ran.
The operation ran between approximately 11:36 and 17:48 UTC, suggesting a highly automated system designed to compromise large numbers of repositories quickly before maintainers noticed the changes.
The campaign relied on automation and social camouflage to make malicious commits look like normal CI maintenance.
Attackers created throwaway GitHub accounts with randomized usernames and spoofed automation identities such as:
These identities made commits appear to come from routine automation systems rather than a human attacker.
Commit authorship data and messages were crafted to look legitimate—often resembling routine workflow updates or CI configuration tweaks. This helped the commits blend into normal development activity and delayed suspicion.
The campaign focused on repositories where branch protection rules were weak or missing. Without mandatory pull‑request reviews or restrictions on who can modify workflows, attackers could push workflow changes directly to the repository’s default branch.
Each malicious commit inserted a GitHub Actions workflow file containing a Base64‑encoded Bash payload. When the CI pipeline executed, the script ran inside the GitHub Actions runner and began harvesting credentials.
This design meant the attack often remained dormant until the next CI run triggered the workflow.
The Base64‑encoded script embedded in the workflows was designed to collect sensitive data from the CI environment and send it to attacker‑controlled infrastructure.
Reported targets included:
The malware gathered environment variables, system information, and secrets accessible to the CI runner before exfiltrating them to a command‑and‑control server.
Because CI pipelines often contain deployment credentials, compromising a build environment can open paths to cloud infrastructure, package registries, and production deployments.
A major objective of the Megalodon payload was GitHub Actions OIDC tokens.
Modern CI/CD pipelines frequently use OpenID Connect (OIDC) federation to authenticate to cloud providers without storing long‑lived credentials. Instead, a workflow requests a short‑lived identity token that cloud providers exchange for temporary access credentials.
This approach improves security by eliminating static API keys or service‑account credentials. However, it introduces a new risk: if an attacker can steal the token during pipeline execution, they may temporarily impersonate the CI job’s identity.
Because these tokens are trusted by cloud identity systems, a stolen token can potentially be exchanged for temporary cloud access with the same permissions granted to the deployment pipeline.
That means a compromised CI workflow could lead to:
Even though OIDC tokens expire quickly, the permissions attached to them can still make short‑term access highly valuable for attackers.
The Megalodon campaign illustrates a shift in supply‑chain attacks away from modifying application code and toward compromising automation infrastructure.
By targeting CI workflows instead of source code, attackers can:
Because thousands of repositories rely on CI pipelines with powerful credentials, a single workflow modification can expose secrets across many downstream systems.
Around the same time, GitHub disclosed a separate security incident involving a poisoned Visual Studio Code extension installed on an employee device. The malicious extension enabled attackers to access roughly 3,800 internal GitHub repositories before the compromise was contained.
That breach was traced to a compromised developer environment and involved credential harvesting through a trojanized extension distributed via the VS Code marketplace.
Some security reporting notes similarities in timing and tactics between that incident and other supply‑chain attacks targeting development tooling. However, public evidence has not confirmed that the internal GitHub breach directly enabled the Megalodon campaign.
For now, the two incidents are best understood as separate but contemporaneous supply‑chain security events affecting the developer ecosystem.
Megalodon demonstrates how quickly automation can scale a supply‑chain attack across thousands of repositories. By combining impersonated bots, automated commits, and poisoned CI workflows, attackers turned routine build infrastructure into a credential‑harvesting system.
The incident reinforced several defensive priorities for software teams:
As development pipelines increasingly control cloud deployments and production infrastructure, the security of CI/CD workflows has become a critical part of software supply‑chain defense.
Studio Global AI
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
On May 18, 2026, an automated supply‑chain campaign called “Megalodon” pushed 5,718 malicious commits into 5,561 GitHub repositories in about six hours by inserting poisoned GitHub Actions workflows that attempted to...
On May 18, 2026, an automated supply‑chain campaign called “Megalodon” pushed 5,718 malicious commits into 5,561 GitHub repositories in about six hours by inserting poisoned GitHub Actions workflows that attempted to... Attackers disguised commits as routine CI automation using fake bot identities and forged metadata, targeting repositories with weak branch protections so malicious workflow files could be pushed directly.
The campaign coincided with a separate GitHub incident involving a poisoned VS Code extension that exposed about 3,800 internal repositories, though public evidence has not confirmed a direct operational link between...