Megalodon: Mass GitHub Repo Backdooring via CI Workflows

https://lobste.rs/rss Hits: 26
Summary

A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+... SafeDep Team May 19, 2026

First seen: 2026-05-22 10:17

Last seen: 2026-05-23 11:34

Read Full Article More from this Source
Related News
libwce: the entropy layer of a wavelet codec, on its own
2026-05-24 · 23 hits
Nitpicking the shell history scene in ‘Tron: Legacy’
2026-05-28 · 1 hits
CSCI 1377: Tools for Thought (Spring 2026)
2026-05-27 · 14 hits
What are some of your favourite developer tools?
2026-05-27 · 32 hits
Creusot helps you prove your Rust code is correct
2026-05-28 · 13 hits