Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours

**Megalodon supply-chain campaign** — On May 18, 2026 attackers pushed 5,718 malicious commits across 5,561 GitHub repositories within ~6 hours, adding or replacing GitHub Actions workflows that harvested CI/CD and cloud credentials (AWS, GCP, Azure), tokens, SSH keys and other secrets; the campaign used workflow_dispatch to create dormant backdoors and led to compromised NPM package releases.