A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, creating backdoors and automated workflows.
On May 19 GitHub confirmed the security breach across its social media channels, verifying that there was unauthorized access to internal repositories and stating that it was monitoring the situation for further activity. It also said that it had no evidence that information stored in customer repositories or internal information about customers was compromised.
A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be responsible for the follow-on exposure of over 23,000 GitHub repositories.
Popular collaboration tool Slack is the latest to suffer a security breach involving its GitHub repositories, with the company reporting that private source code was stolen in late December.
Okta is once again in trouble as the company's GitHub repositories have been hacked. There does not appear to be any impact to Okta clients, but the service source code appears to have been stolen in the breach.
Dropbox says that the security breach did not involve the contents of any customer accounts. The attackers were instead focused on company GitHub repositories, raiding 130 of them for code and tools.






