Megalodon Poisons Github

The supply chain remains the weakest link. A new automated malware campaign dubbed “Megalodon” poisoned more than 5,500 GitHub repos in just six hours, quietly harvesting cloud credentials, tokens, and sensitive code from environments that implicitly trust what they pull. On this episode of State of Cybercrime, Matt and David break down how the attack scaled, the risks tied to compromised repositories, and what it means for downstream users. They will also examine the widely exploited PAN-OS GlobalProtect VPN bypass and a new AI-driven worm that dynamically selects its exploits.