Megalodon Malware Campaign Infects Thousands of GitHub Repositories

A malware campaign dubbed "Megalodon" infected over 5,500 GitHub repositories by pushing thousands of malicious commits within a six-hour period. The attack targeted developer environments, stealing credentials and sensitive secrets. No specific threat actor, CVE IDs, or exact dates were disclosed in the report. The primary impact involved unauthorized access to repositories and exfiltration of confidential data. The campaign exploited GitHub’s commit functionality to propagate the malware. No additional technical details about the malware’s mechanisms were provided.