Megalodon Supply Chain Attack Hit 5,561 GitHub Repos: Your Monday Intel Rundown

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Megalodon poisoned 5,561 GitHub repositories in six hours, the largest GitHub Actions supply chain attack ever recorded, silently exfiltrating cloud credentials, SSH keys, and CI secrets from every repository whose workflows executed during the attack window.
The GitHub supply chain attack 2026 analysts are calling Megalodon struck May 18 at 11:36 a.m. UTC. TeamPCP, the same threat group behind the TanStack npm supply chain attack in early May, pushed 5,718 malicious commits across 5,561 public GitHub repositories within six hours and twelve minutes, without exploiting any GitHub platform vulnerability. The attack vector was stolen developer credentials obtained from infostealer malware infections. Hudson Rock's forensic analysis confirmed that more than 33 percent of the GitHub usernames tied to affected repositories matched computers already confirmed infected by infostealer malware. Poisoned workflows then executed silently during normal CI runs, draining every secret in the environment.
The technical mechanism was surgical. Each malicious commit injected a backdoored GitHub Actions workflow into the target repository's .github/workflows/ directory. When triggered by any CI event, the payload executed: a base64-encoded bash script that enumerated and exfiltrated AWS credentials, Azure access tokens, Google Cloud credentials, SSH private keys, OIDC tokens, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, and API keys to a command-and-control server at 216.126.225.129:8443.
Any organization consuming open source software from GitHub carries downstream exposure to Megalodon-touched dependencies. Four additional threats demand Monday morning attention: a public proof-of-concept for MiniPlasma, a Windows privilege escalation zero-day with no patch available; Microsoft May Patch Tuesday fixing 120 CVEs including a CVSS 9.8 Windows Netlogon RCE; two actively exploited Microsoft Defender vulnerabilities now on CISA's Known Exploited Vulnerabilities catalog with a June 3 federal deadline; and SonicWall Gen6 SSL-VPN appliances being brute-forced for ransomware deployment following MFA bypass.
How the Megalodon GitHub Supply Chain Attack Works
TeamPCP is a financially and geopolitically motivated threat actor previously attributed to the TanStack npm supply chain worm that spread across 4,500 npm packages in early May 2026. Megalodon represents a significant escalation in scope and speed, five times larger than the TanStack campaign, executed in half the time.
The attack chain began with infostealer infections on developer machines. Infostealers, malware that harvests browser-stored credentials, credential manager secrets, and developer environment files, provided TeamPCP with working GitHub personal access tokens for thousands of developer accounts. Those stolen tokens gave the attacker push access to repositories, allowing malicious commits to be authenticated as legitimate developer activity.
To avoid detection, TeamPCP used throwaway accounts with randomized eight-character usernames and rotated through four author identities, build-bot, auto-ci, ci-bot, and pipeline-bot, paired with seven commit message variants designed to look like routine CI maintenance: messages referencing workflow dependency updates and runner configuration fixes.
The malicious commits injected a backdoored workflow YAML file into each repository's .github/workflows/ directory. Upon any CI trigger, a push, a pull request merge, a scheduled job, the workflow executed a base64-encoded bash payload that called env to enumerate all available environment variables, then targeted patterns matching cloud credentials and secrets: TOKEN, KEY, SECRET, AWS, AZURE, GCP, SSH_*. All captured secrets were transmitted over HTTPS to 216.126.225.129:8443.
GitHub detected the campaign and began removing malicious workflows within hours of the attack window closing on May 18. Any repository that cannot be confirmed free of malicious workflow execution during the 11:36–17:48 UTC window should be treated as compromised.
Subscribe to unlock Indicators of Compromise
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
MiniPlasma Windows Zero-Day: SYSTEM Access on Fully Patched Systems, No Fix Available
MiniPlasma is a Windows local privilege escalation zero-day whose public proof-of-concept was released in May 2026, giving any attacker with a local foothold on a Windows system a reliable path to SYSTEM-level execution on fully patched machines. No Microsoft patch is available as of May 25, 2026.
The vulnerability is distinct from the BlueHammer and RedSun LPEs disclosed in April 2026. MiniPlasma exploits a different code path in Windows kernel or privilege management subsystems to achieve SYSTEM execution. Independent researchers have verified the PoC works on current builds of Windows 10, Windows 11, and Windows Server. The public release means commodity threat actors, not just sophisticated APTs, now have a working local escalation tool requiring no special conditions on fully patched Windows endpoints.
For defenders, MiniPlasma follows a now-familiar 2026 pattern: a researcher discloses a Windows LPE PoC publicly before Microsoft has prepared a patch, handing criminal groups a free privilege escalation capability. The gap between PoC publication and Microsoft patch release typically spans weeks, not days. Threat actors have historically begun weaponizing publicly released PoCs within 24 to 72 hours.
Compensating controls while awaiting a patch: enforce strict least-privilege on all Windows endpoints and restrict who can obtain local interactive or RDP sessions. Deploy behavioral detections in your SIEM for anomalous SYSTEM-level process spawning, especially from processes that should never run at elevated privilege. Alert on unexpected parent-child process relationships involving lsass.exe, winlogon.exe, and services.exe. Monitor Microsoft Security Response Center (MSRC) advisories and treat MiniPlasma as an emergency change-window item the moment a fix is released.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
May 2026 Patch Tuesday: 120 CVEs Fixed Including Three Critical RCEs for Immediate Deployment
Microsoft's May 2026 Patch Tuesday, released May 13, addressed 120 vulnerabilities across Windows, Microsoft 365, Azure services, and developer tooling. Seventeen vulnerabilities are rated Critical, 103 are rated Important, and 13 carry a Microsoft assessment of Exploitation More Likely, meaning security teams should expect active weaponization within 30 days.
CVE-2026-41089 is a Windows Netlogon stack-based buffer overflow rated CVSS 9.8. An unauthenticated attacker can exploit this remotely to achieve code execution on a domain controller. Netlogon is a foundational Windows authentication service, a successful exploit on a domain controller constitutes full domain compromise. Patch this before any other item on this list.
CVE-2026-41096 is a heap overflow in the Windows DNS Client. An attacker-controlled DNS server can send a specially crafted response to trigger remote code execution on any Windows machine that resolves DNS queries through the attacker-controlled server. All Windows deployments are in scope. This is particularly relevant for organizations that rely on public DNS resolvers without DNS-over-HTTPS.
CVE-2026-35421 is a Windows GDI Remote Code Execution vulnerability exploitable by opening a malicious Enhanced Metafile (EMF) file via Microsoft Paint. Phishing campaigns delivering EMF attachments can trigger this without any user interaction beyond opening the file.
Four Microsoft Office and Word RCE flaws, CVE-2026-40361, CVE-2026-40367, CVE-2026-40366, and CVE-2026-40364, are all rated Critical and exploitable via malicious file attachments. With Office present in virtually every enterprise environment and phishing as the dominant initial access vector, these require same-day patching. Run winget upgrade --all or push updates via WSUS or Intune on domain controllers first.
Microsoft Defender CVE-2026-41091 and CVE-2026-45498: CISA Mandates Federal Patch by June 3
Two actively exploited Microsoft Defender vulnerabilities reached CISA's Known Exploited Vulnerabilities catalog on May 21, 2026, with a June 3 federal remediation deadline. Both are confirmed exploited in the wild, making them immediately actionable for every organization regardless of federal status.
CVE-2026-41091 is a local privilege escalation flaw in the Microsoft Malware Protection Engine version 1.26030.3008. The vulnerability stems from improperly resolved symbolic links before file access operations, allowing an attacker who has obtained a local foothold to escalate directly to SYSTEM-level privileges. The patched version is engine v1.1.26040.8. A third related vulnerability, CVE-2026-45584, enables Remote Code Execution in the same engine version, compounding the severity.
CVE-2026-45498 is a denial of service vulnerability in the Microsoft Defender Antimalware Platform. Successful exploitation prevents Defender from functioning, creating a detection-blind window during which the attacker can operate without triggering any endpoint alerts. The fix is Antimalware Platform version v4.18.26040.7.
The combined operational impact is damaging: CVE-2026-45498 disables Defender, then CVE-2026-41091 achieves SYSTEM privilege with no endpoint security running. Attackers who successfully chain these two vulnerabilities have a clean escalation path on any Windows endpoint running an unpatched Defender version.
Microsoft Defender typically auto-updates through Windows Update, but update delivery can be delayed, throttled, or disabled in air-gapped and restricted network environments. To verify the current engine version on a Windows endpoint, run Get-MpComputerStatus in PowerShell and compare the AMEngineVersion and AMProductVersion fields against the patched versions above. Confirm deployment on all endpoints before June 3.
“Both CVE-2026-41091 and CVE-2026-45498 are confirmed exploited in the wild. Federal agencies have until June 3 to remediate.”
CISA Known Exploited Vulnerabilities Catalog, May 21, 2026
SonicWall Gen6 VPN Brute-Force: MFA Bypass Opens Ransomware Entry Points
Threat actors are conducting automated credential brute-forcing against SonicWall Gen6 SSL-VPN appliances and bypassing multi-factor authentication controls to deploy ransomware payloads across enterprise networks. SonicWall Gen6 devices, including NSa, TZ, and SOHO series running older SonicOS firmware builds, are the primary targets of the current campaign.
The attack pattern is straightforward. Automated tools attempt credential stuffing against the Gen6 SSL-VPN web interface using credential lists sourced from previous breaches and infostealer dumps. Once a valid credential is identified, session management weaknesses in the older firmware allow attackers to bypass MFA enrollment or session validation, gaining full VPN access with legitimate user credentials. From inside the VPN, attackers conduct standard Active Directory enumeration and deploy ransomware through Group Policy Objects or remote execution tools such as PsExec and WMI.
SonicWall Gen6 devices have been targeted by attackers since 2024 through multiple known vulnerabilities. SonicWall published firmware advisories for Gen6 SSL-VPN in both 2024 and 2025 recommending urgent patching. The current ransomware campaign represents the predictable consequence for organizations that have not applied those updates.
Immediate actions for SonicWall Gen6 operators: upgrade to the latest firmware for your specific device series before end of week. Restrict SSL-VPN access to known source IP ranges using geo-blocking and allowlist policies. Enable login attempt rate limiting and alert on brute-force patterns exceeding five failed attempts per minute. Verify MFA enforcement is active post-firmware upgrade, some updates reset MFA configuration to default values. If Gen6 migration has not been planned, begin a Gen7 upgrade assessment now given the accumulating vulnerability surface on end-of-extended-support hardware.
Your Prioritized Monday Morning Response Checklist
This week requires five concurrent action tracks. Sequence by exposure first, highest-blast-radius threats get same-day attention regardless of patching complexity.
Megalodon takes the top slot for any organization using GitHub-hosted open source dependencies. Audit GitHub Actions workflow files across all repositories for the May 18 attack window (11:36–17:48 UTC). Check commits from randomized eight-character usernames or build-bot, auto-ci, ci-bot, and pipeline-bot author identities. Block 216.126.225.129 at the network perimeter and DNS layer now. Rotate all CI secrets, cloud credentials, and SSH keys for any repository that cannot be confirmed unaffected.
For May Patch Tuesday critical items: domain controllers get CVE-2026-41089 (Windows Netlogon, CVSS 9.8) and CVE-2026-41096 (Windows DNS Client) patches first, then push Office and Word RCE fixes to all endpoints before end of business.
For Microsoft Defender: run Get-MpComputerStatus across all Windows endpoints. Any machine running Malware Protection Engine below v1.1.26040.8 or Antimalware Platform below v4.18.26040.7 is exposed to confirmed in-the-wild exploitation. Force an update cycle via Windows Update or SCCM before June 3.
For MiniPlasma: no patch exists. Deploy behavioral SIEM detections for SYSTEM-level privilege escalation from non-standard parent processes and restrict all local and RDP access to verified users while awaiting a Microsoft fix.
For SonicWall Gen6: update firmware on all SSL-VPN appliances before weekend. Verify MFA is active post-update and restrict source IPs at the VPN gateway.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
The bottom line
The GitHub supply chain attack known as Megalodon is this week's defining threat: stolen developer credentials let TeamPCP poison 5,561 repositories with CI secret-stealing workflows in six hours without exploiting a single GitHub platform vulnerability. Three actions before end of business today: audit your GitHub Actions workflows for the May 18 window and rotate all CI secrets, verify Microsoft Defender engine versions against the June 3 CISA deadline, and push patches for CVE-2026-41089 on all Windows domain controllers before they become ransomware entry points. For detailed domain controller patch steps, IOCs, and detection rules for CVE-2026-41089, see the Windows Netlogon RCE CVE-2026-41089 patch advisory.
This analysis is generic — the platform version scores threats like this against your own stack.
Frequently asked questions
What is the Megalodon GitHub supply chain attack?
Megalodon is a supply chain attack by the threat group TeamPCP that pushed 5,718 malicious commits to 5,561 public GitHub repositories in six hours on May 18, 2026. The attacker injected backdoored GitHub Actions workflows containing base64-encoded bash payloads that silently exfiltrated CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a command-and-control server at 216.126.225.129:8443. Stolen developer GitHub credentials obtained through infostealer infections provided the push access required without exploiting any GitHub platform vulnerability.
How do I check if my GitHub repository was affected by the Megalodon attack?
Check your repository's commit history for any workflow changes pushed between 11:36 a.m. and 5:48 p.m. UTC on May 18, 2026. Look for commits from accounts with randomized eight-character usernames or authors named build-bot, auto-ci, ci-bot, or pipeline-bot. Review all .github/workflows/ YAML files for base64-encoded bash payloads and outbound connections to 216.126.225.129:8443. Rotate all GitHub Actions secrets, cloud credentials, SSH keys, and OIDC tokens for any repository that cannot be confirmed unaffected regardless of whether direct exploitation is confirmed.
What credentials and secrets were stolen in the Megalodon supply chain attack?
Megalodon's malicious GitHub Actions workflows exfiltrated CI environment variables, AWS credentials, Google Cloud credentials, Azure credentials, SSH private keys, Docker and Kubernetes configuration files, Vault tokens, Terraform credentials, and API keys. Any secret accessible to a GitHub Actions runner at the time a compromised workflow executed should be treated as stolen and rotated immediately. Organizations using OIDC-based cloud authentication should audit cloud access logs for anomalous activity originating from GitHub Actions infrastructure between May 18 and 19, 2026.
How do infostealer infections lead to GitHub supply chain attacks?
Infostealer malware harvests credentials stored in browsers, credential managers, and developer environment files on infected machines, including GitHub personal access tokens, session cookies, and SSH keys. Hudson Rock's analysis found that more than 33 percent of the GitHub usernames tied to Megalodon-affected repositories matched developer computers confirmed infected by infostealers. Those stolen credentials gave TeamPCP push access to thousands of repositories without triggering any platform security alert, because the commits were signed with legitimate developer identities.
What is the MiniPlasma Windows zero-day and is there a patch available?
MiniPlasma is a Windows local privilege escalation zero-day with a public proof-of-concept released in May 2026. Attackers with a local foothold on a Windows system can use it to gain SYSTEM privileges on fully patched Windows 10, 11, and Server builds. No Microsoft patch is available as of May 25, 2026. Compensating controls include enforcing strict least-privilege policies, restricting local and RDP access, monitoring for unexpected SYSTEM-level process spawning from non-standard parent processes, and deploying behavioral privilege escalation detections in your SIEM.
Which Microsoft Defender vulnerabilities are on the CISA KEV and what is the patch deadline?
CVE-2026-41091 and CVE-2026-45498 are both actively exploited Microsoft Defender vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog on May 21, 2026. CVE-2026-41091 allows local privilege escalation to SYSTEM via the Malware Protection Engine. CVE-2026-45498 disables Defender via denial of service. US federal agencies must patch both by June 3, 2026. Verify engine versions: CVE-2026-41091 is fixed in v1.1.26040.8 and CVE-2026-45498 in v4.18.26040.7. Run Get-MpComputerStatus in PowerShell to confirm deployed versions.
What should I patch first from the May 2026 Patch Tuesday?
Patch in this order: first, Windows Netlogon CVE-2026-41089 (CVSS 9.8 stack buffer overflow RCE) and Windows DNS Client CVE-2026-41096 (heap overflow RCE triggered by malicious DNS response), both remotely exploitable and rated Critical. Second, patch Microsoft Office and Word RCE flaws CVE-2026-40361, CVE-2026-40367, CVE-2026-40366, and CVE-2026-40364, all flagged as exploitation-likely. Third, address Windows Hyper-V and GDI vulnerabilities. No zero-days were in this Patch Tuesday release, but 13 CVEs carry a 30-day exploitation-likely assessment.
How do I protect CI/CD pipelines from GitHub Actions supply chain attacks?
Pin all third-party GitHub Actions to specific commit SHAs instead of mutable version tags, this prevents tag hijacking from poisoning your workflows. Enable GitHub's secret scanning with push protection and Dependabot security updates. Use StepSecurity Harden Runner to enforce outbound network allowlists during CI runs and block exfiltration to unexpected destinations. Audit all .github/workflows/ files regularly for base64-encoded bash payloads. Enforce MFA and short-lived OIDC tokens for CI cloud access, and rotate all CI secrets immediately if any developer machine is confirmed infostealer-infected.
Sources & references
- The Hacker News, Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
- SecurityWeek, Over 5,500 GitHub Repositories Infected in Megalodon Supply Chain Attack
- StepSecurity, Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Repositories
- BleepingComputer, New Windows MiniPlasma Zero-Day Exploit Gives SYSTEM Access, PoC Released
- BleepingComputer, Microsoft May 2026 Patch Tuesday Fixes 120 Flaws, No Zero-Days
- Help Net Security, Microsoft Defender Vulnerabilities Exploited in the Wild (CVE-2026-41091, CVE-2026-45498)
- CISA, Adds Two Known Exploited Vulnerabilities to Catalog, May 21, 2026
- Rescana, Megalodon Supply Chain Attack: TeamPCP Compromises 5,561 GitHub Repositories via Malicious CI/CD Workflows
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
