
Megalodon Malware Compromised 5,500+ GitHub Repositories.

ID: 11bd3c3a-bb68-5734-998f-18b97a7f56c3

STIX ID: report--11bd3c3a-bb68-5734-998f-18b97a7f56c3

Feed Name: Cyber Press

Threat Score: 90/100

Date Published: 2026-05-22

Date Updated: 2026-05-22

Author: Lucas Martin


Megalodon is a large, automated GitHub supply-chain campaign. Between 11:36 and 17:48 UTC on May 18, 2026, it pushed 5,718 malicious commits across 5,561 repositories, using throwaway accounts and forged bot identities to install workflow backdoors that exfiltrate CI secrets, cloud credentials, and source code. The campaign included a mass 'SysDiag' workflow and a stealthy 'Optimize-Build' workflow_dispatch variant, and it poisoned the npm package @tiledesk/tiledesk-server (v2.18.6–2.18.12). Its C2 is at 216.126.225.129:8443. The report includes detailed IoCs and remediation guidance.
