Security researchers have warned of a large-scale supply chain attack named "Megalodon," which used automated commits to implant malware into more than 5,500 GitHub code repositories. By abusing GitHub Actions workflows, the attack embedded credential stealers in continuous integration environments, targeting sensitive data such as credentials, CI secrets, keys, and tokens. The attackers used accounts with random eight-character usernames that masqueraded as CI automation tools and pushed 5,718 malicious commits within six hours. The malware ran as base64-encoded bash scripts and followed a multi-stage theft strategy covering CI environment variables, cloud platform credentials, infrastructure keys, application-layer secrets, and CI/CD-specific information. The attack was not confined to GitHub repositories: it also spread to the npm ecosystem, contaminating packages of projects such as Tiledesk.
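As an added defender-side example (not code from the researchers who reported Megalodon or from any affected project), the following line-based check flags the two signals the report describes in a commit: a workflow file that decodes base64 into a shell interpreter, and an eight-character login presenting itself as CI automation. The commit dictionary layout, field names and sample contents are constructed assumptions.

```python
import re
from typing import Dict, List

# Heuristics for the workflow-tampering pattern described above: an added
# defender-side example, not code from the researchers. The commit dict
# layout, field names and sample contents are constructed assumptions.
WORKFLOW_PATH = re.compile(r"^\.github/workflows/[^/]+\.ya?ml$")
# base64 decode on the same line as a pipe into a shell interpreter (or eval)
B64_DECODE = re.compile(r"\bbase64\b[^|]*\s(?:-d|--decode|-D)\b")
SHELL_SINK = re.compile(r"\|\s*(?:sudo\s+)?(?:bash|sh|zsh|dash)\b|\beval\b")
# eight-character alphanumeric login whose display name claims to be CI tooling
RANDOM_LOGIN = re.compile(r"^[a-z0-9]{8}$")
CI_ALIAS = re.compile(r"\b(ci|actions?|bot|automation|pipeline)\b", re.I)

def inspect_commit(commit: Dict) -> List[str]:
    """Return human-readable findings for one commit (empty list = nothing matched)."""
    findings: List[str] = []
    login = commit.get("author_login", "")
    if RANDOM_LOGIN.match(login) and CI_ALIAS.search(commit.get("author_name", "")):
        findings.append(f"author {login!r}: eight-character login posing as CI automation")
    for path, content in commit.get("files", {}).items():
        if not WORKFLOW_PATH.match(path):
            continue  # only GitHub Actions workflow files are in scope here
        findings.append(f"{path}: workflow file changed")
        for lineno, line in enumerate(content.splitlines(), 1):
            if B64_DECODE.search(line) and SHELL_SINK.search(line):
                findings.append(f"{path}:{lineno}: base64-decoded payload piped into a shell")
    return findings

def is_suspicious(commit: Dict) -> bool:
    """Strong signal alone, or the weak author signal combined with a workflow edit."""
    f = inspect_commit(commit)
    decode_to_shell = any("piped into a shell" in x for x in f)
    fake_ci_author = any("posing as CI automation" in x for x in f)
    touched_workflow = any("workflow file changed" in x for x in f)
    return decode_to_shell or (fake_ci_author and touched_workflow)

# Constructed sample commits (the base64 text is a placeholder, not a payload)
SUSPICIOUS_COMMIT = {
    "author_login": "q7x2m9ka", "author_name": "ci-automation",
    "files": {".github/workflows/build.yml": "jobs:\n  build:\n    steps:\n"
              "      - run: echo 'PLACEHOLDER_B64' | base64 -d | bash\n"},
}
BENIGN_COMMIT = {
    "author_login": "octocat", "author_name": "Mona",
    "files": {".github/workflows/ci.yml": "jobs:\n  test:\n    steps:\n"
              "      - run: npm ci\n      - run: echo \"$REPORT\" | base64 -w0 > out.b64\n"},
}
```

The benign sample shows that base64 alone (encoding a report) is not flagged; only a decode feeding a shell on the same line is, and the author heuristic is deliberately treated as weak unless paired with a workflow change.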
