
GitHub Attack Hits Thousands of Repos
An automated attack named Megalodon targeted 5,561 GitHub repositories in a six-hour period. Attackers used throwaway accounts to push malicious commits containing GitHub Actions workflows designed to steal secrets from CI/CD pipelines, such as API keys and other sensitive environment variables.












