Megalodon campaign backdoors GitHub CI/CD at scale
Key insights
- Megalodon backdoors GitHub Actions workflow files directly, affecting any language or stack using GitHub-hosted CI/CD.
- The attack vector is distinct from package-registry poisoning, meaning existing npm or PyPI defenses do not cover this exposure.
- SafeDep identified Megalodon as a separate campaign from Shai-Hulud, suggesting a coordinated or parallel threat actor operation.
Why this matters
CI/CD pipeline compromise is one of the highest-privilege attack surfaces in software development, as workflow files execute with repository secrets and deployment credentials during every build. The scale implied by 'mass backdooring' means the blast radius extends to downstream users of any affected open source project, not just the maintainers. For technical leaders, this signals that supply chain security controls scoped to package registries are insufficient if the build environment itself can be silently modified.
Summary
SafeDep researchers have exposed a mass repository backdooring campaign called Megalodon, targeting GitHub Actions workflow configuration files across projects of any language or stack. Unlike last week's Shai-Hulud campaign, which focused on npm packages, Megalodon operates at the infrastructure layer, injecting malicious code directly into CI/CD pipeline definitions rather than published packages.
The attack vector is significant because workflow files are often treated as configuration rather than executable code, meaning they receive less scrutiny during code review. Any project using GitHub Actions is a potential target, regardless of whether it publishes to a package registry.
Essentially, SafeDep and GitHub are at the center of a widening supply chain threat in which the build pipeline itself is the exploit surface.
- Megalodon targets .github/workflows files directly, allowing attackers to execute arbitrary code during CI runs across any affected repository.
- The campaign is distinct from package-level attacks, broadening exposure beyond npm, PyPI, or any single ecosystem.
- Scope of affected repositories has not been fully quantified in public disclosure as of this reporting.
The shift from poisoning packages to poisoning pipelines means the entire GitHub-hosted open source ecosystem is effectively in scope, not just the subset that publishes artifacts.
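One defensive check against the silent workflow modification described above, as an added example (not code from SafeDep or GitHub): hash every file under .github/workflows and compare the result with a snapshot taken when the workflows were last reviewed. The function names and the sample file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

WORKFLOW_DIR = Path(".github") / "workflows"


def snapshot(repo_root):
    """Map each workflow file (relative POSIX path) to its SHA-256 digest."""
    base = Path(repo_root) / WORKFLOW_DIR
    if not base.is_dir():
        return {}
    return {
        p.relative_to(repo_root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(base.rglob("*"))
        if p.is_file() and p.suffix in (".yml", ".yaml")
    }


def drift(baseline, current):
    """Compare a reviewed baseline snapshot with the current one."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(
            k for k in baseline.keys() & current.keys() if baseline[k] != current[k]
        ),
    }


def demo():
    """Constructed sample repo: one workflow edited, one added after review."""
    with tempfile.TemporaryDirectory() as root:
        wf = Path(root) / WORKFLOW_DIR
        wf.mkdir(parents=True)
        (wf / "ci.yml").write_text("on: push\njobs: {}\n")
        (wf / "release.yml").write_text("on: release\njobs: {}\n")
        reviewed = snapshot(root)  # stored at review time, outside the repo
        (wf / "ci.yml").write_text("on: push\njobs: {}\n# changed after review\n")
        (wf / "extra.yaml").write_text("on: schedule\njobs: {}\n")
        return drift(reviewed, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Keeping the reviewed snapshot somewhere the repository's own write access cannot reach is what makes the comparison meaningful; any non-empty result is a prompt to review the workflow diff as code.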
Potential risks and opportunities
Risks
- Organizations with GitHub Actions workflows that store cloud provider credentials as secrets could face credential exfiltration if any dependency repository in their supply chain was compromised by Megalodon.
- Open source maintainers who are unaware their workflow files were modified may unknowingly distribute backdoored artifacts to downstream enterprise consumers for weeks or months before detection.
- GitHub faces reputational and regulatory pressure if the campaign's scope proves large, particularly among enterprise customers subject to SOC 2 or FedRAMP compliance requirements that mandate CI/CD integrity controls.
Opportunities
- CI/CD security vendors (Chainguard, Semgrep, Legit Security, Endor Labs) are positioned to accelerate pipeline-integrity product adoption among enterprises newly aware of workflow-file attack surfaces.
- SLSA and sigstore-based build provenance tooling gains a concrete threat case to drive adoption, benefiting implementers like Google's OpenSSF team and GitHub itself with Artifact Attestations.
- Managed DevSecOps platforms (Snyk, Wiz) that offer workflow file scanning as part of broader ASPM (Application Security Posture Management) suites can use Megalodon as a direct sales motion with security-aware engineering teams.
What we don't know yet
- Total number of compromised repositories has not been disclosed, making it impossible to assess true campaign scale as of May 2026.
- Whether GitHub's own security tooling (Secret Scanning, Dependabot) detected or flagged any Megalodon-modified workflow files before SafeDep's disclosure.
- Attribution of Megalodon remains unconfirmed, including whether it shares infrastructure or operators with the Shai-Hulud npm campaign.
Originally reported by safedep.io
Original headline: Megalodon: Mass GitHub Repository Backdooring Campaign Hijacks CI/CD Workflows at Scale