SafeDep (@safedepio): "🚨 The "Megalodon" Campaign is live...
5,718 malicious commits to 5,561 GitHub repositories in a six-hour window.
Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate:
- CI secrets
- cloud credentials
- SSH keys
- OIDC tokens
- source code secrets
Check your repo / Technical details: https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/"
SafeDep
@safedepio
2h
Last edited May 21, 2026 · 4:39 PM UTC
10
51
160
37,819
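A triage check for the indicators named in the post above, as an added example that is not SafeDep's code or part of the original thread: it flags commits whose author name is one of the four listed identities and that touch `.github/workflows/`, and previews any base64 blob a workflow line decodes. The `commit <hash><TAB><author>` log format, the function names and all sample data are assumptions constructed for illustration.

```python
import base64
import re

# Author names the SafeDep post lists as forged commit identities.
FORGED_AUTHORS = {"build-bot", "auto-ci", "ci-bot", "pipeline-bot"}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
DECODE_CALL = re.compile(r"base64\s+(-d|-D|--decode)\b")

def flag_commits(git_log):
    """Hashes of commits by a listed author name that touch a workflow file.
    Input: output of  git log --name-only --format='commit %H%x09%an'
    """
    flagged, commit, author = [], None, None
    for line in git_log.splitlines():
        if line.startswith("commit "):
            commit, _, author = line[len("commit "):].partition("\t")
        elif (line.startswith(".github/workflows/")
              and author in FORGED_AUTHORS and commit not in flagged):
            flagged.append(commit)  # a lead for review, not proof of compromise
    return flagged

def encoded_shell_lines(workflow):
    """(line number, decoded preview) for lines that base64-decode a blob."""
    hits = []
    for number, line in enumerate(workflow.splitlines(), 1):
        token = B64_TOKEN.search(line)
        if not (token and DECODE_CALL.search(line)):
            continue
        try:
            preview = base64.b64decode(token.group()).decode("utf-8", "replace")
        except ValueError:  # truncated or non-base64 match
            preview = "<undecodable>"
        hits.append((number, preview[:60]))
    return hits

# Constructed sample data (not taken from the campaign).
SAMPLE_LOG = ("commit 1111111\talice\n\nsrc/app.py\n\n"
              "commit 2222222\tci-bot\n\n.github/workflows/build.yml\n\n"
              "commit 3333333\tbuild-bot\n\nREADME.md\n")
_BLOB = base64.b64encode(b"echo constructed sample, not a real payload").decode()
SAMPLE_WORKFLOW = f"""on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: echo "{_BLOB}" | base64 -d | bash
"""

if __name__ == "__main__":
    print(flag_commits(SAMPLE_LOG))
    print(encoded_shell_lines(SAMPLE_WORKFLOW))
```

Author names are free-form in git, so a match on a legitimate bot account is possible and a miss on a renamed identity is too; treat both outputs as leads to review against the linked technical details.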
DissentingSkeptic@DissentingS
47s
Replying to @safedepio
They don't try to hide it anymore. Anything with base64 like that is edited. How unoriginal.
12
Eli Nesterov@elinesterov
22m
Replying to @safedepio
Pin your gh actions to hash instead of versions
574
toasts
@t0asts
1h
Replying to @safedepio
36
2,127
Kunal Singh
@KunalSin9h
1h
Replying to @safedepio
we are f*ed up again
1,545
Sudhanshu Dasgupta
@SudhanshuDasgu3
58m
Replying to @safedepio
be prepared for your nightmares
957
M@mmijj_m
47m
Replying to @safedepio
Probably repos of those that got affected by shai hulud. Crazy part is that it's over 70k repos that have been hacked.
803
Ilyes Bacha
@dev_ilyesbacha
1h
Replying to @safedepio
1,520
xlr8 @ransomsec
53m
Replying to @safedepio
lol TF
624
Atharva Vaidya
@atharvavaidya
1h
Replying to @safedepio
Bruh
1,010