GitHub supply-chain attack, Drupal RCE, AWS GovCloud credential leak
ID: 90b74f1a-7d1e-5a2a-be10-064264ce4050
STIX ID: report--90b74f1a-7d1e-5a2a-be10-064264ce4050
Feed Name: defend.network – Daily Threat Briefings
This briefing reports multiple high-impact, active threats. An automated 'Megalodon' campaign injected malicious CI/CD workflows into thousands of GitHub repositories, creating supply-chain risk. Drupal faces active exploitation of a critical SQL injection (CVE-2026-9082) that requires immediate patching. A CISA contractor publicly exposed AWS GovCloud credentials on GitHub, necessitating rotation and forensic review. Law enforcement arrested the Kimwolf botnet operator and dismantled First VPN, used by ransomware groups. Recommended actions include urgent patching, credential rotation, repo audits, CI/CD protections, IoT scanning, and secrets scanning.
