- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Megalodon: Mass GitHub Backdooring via CI Workflows
Massive supply chain attack known as Megalodon, which targeted over 5,500 GitHub repositories in May 2026. This automated campaign utilised malicious commits disguised as routine maintenance to inject harmful GitHub Actions workflows into various projects. These poisoned workflows were designed to exfiltrate sensitive data, including cloud credentials, API keys, and private SSH secrets, to an external command-and-control server. Notably, the breach affected legitimate software such as Tiledesk, leading to the distribution of compromised packages through the npm registry. Security researchers highlight that the attackers used forged identities and varied triggers to create both immediate and dormant backdoors within the developer ecosystem. This incident underscores a growing era of cyber threats where automated tools are used to compromise the integrity of the global software supply chain.
Видео Megalodon: Mass GitHub Backdooring via CI Workflows канала Juan Romero - SOCFortress Cofounder
Видео Megalodon: Mass GitHub Backdooring via CI Workflows канала Juan Romero - SOCFortress Cofounder
Комментарии отсутствуют
Информация о видео
12 ч. 26 мин. назад
00:08:18
Другие видео канала
NIST SP 1800–35: Implementing a Zero Trust Architecture
Trend Micro warns of critical Apex One code execution flaws
cPanel and WHM Security Updates: May 2026 Critical Patches
SOCFortress Podcast - OWASP Top 10 for LLM Applications 2025
FortiGate Firewall Hardening Guide
CyberNews - 17/02/2026
Synergy of Zero Trust and EDR for Modern Defense
W3LL A Cybercrime Takedown
Cybersecurity risk management — Building a risk register
Palo Alto Unit 42’s Attribution Framework
NIST Revamps NVD Strategy to Manage Record CVE Backlog
Escalation in bilateral cyber warfare
Secure Syslog-NG Deployment and Hardening Guide
CVE-2026-0300: Critical PAN-OS User-ID Authentication Portal Vulnerability
CISA: Mitigating Risk From End-of-Support Edge Devices
Cisco Secure Workload Critical API Access Vulnerability
Best practices for securing Microsoft Intune
n8n CVE-2026–21858 (“Ni8mare”)
AI AGENTS SECURITY FRONTIER
TanStack Supply Chain Compromise: Analysis and Postmortem
Ivanti zero-days
