/topics/megalodon-github-repo-poisoning-attack

Megalodon GitHub repo poisoning attack

5 items●2 sources●updated 24d ago●trend 0

┌─ summary ─────────────────────────────┐

A hacker group called TeamPCP conducted a large-scale supply chain attack dubbed Megalodon, poisoning over 5,500 GitHub repositories through malicious CI workflows, postinstall hooks, and merge queue corruption. The attack affected hundreds of Node.js projects and other open source code, marking one of the largest coordinated repository compromises on record.

┌─ items (5) ───────────────────────────┐

[HN]hacker news4

Megalodon: Mass GitHub Repo Backdooring via CI Workflows

HN: GPT · pabs3 · ▲2 · 25d

Malicious Postinstall Hook Found in 700 GitHub Repos, Including Node Projects

HN: GPT · 882542F3884314B · ▲11 · 25d

The Silent Merge Queue Corruption That Hit 658 GitHub Repos

HN: GPT · birdculture · ▲3 · 25d

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

HN: GPT · sbulaev · ▲5 · 25d

[BLG]blog/rss1

A hacker group is poisoning open source code at an unprecedented scale

Ars Technica · Andy Greenberg and Lily Hay Newman, WIRED.com · 25d