Three separate supply-chain campaigns surfaced within 72 hours of each other — one poisoning 5,500+ GitHub repositories, another exploiting a Ghost CMS zero-day to turn 700+ sites into phishing infrastructure, and a third planting malicious packages across npm, PyPI, and Crates.io simultaneously. If your organization consumes open-source code through automated pipelines, today’s brief is operationally urgent.
In the News
5,500+ GitHub Repos Poisoned in Megalodon Supply-Chain Attack
A campaign tracked as “Megalodon” has injected credential-stealing GitHub Actions workflows into over 5,500 public repositories by submitting fake automated commits. The malicious workflows execute during CI/CD runs and harvest secrets — API keys, cloud provider tokens, container registry credentials, and environment variables — then exfiltrate them to attacker-controlled infrastructure.
The attack leverages the trust model inherent in GitHub’s fork-and-pull workflow. By submitting commits that appear to be automated dependency updates or formatting changes, the attackers bypass casual code review. The injected workflow files are named to blend with legitimate CI configurations, and the credential exfiltration uses HTTPS POST requests to domains that mimic legitimate developer services.
The scale is significant: 5,500+ repositories means any organization pulling from public GitHub repos without commit signature verification or workflow pinning is at risk. The blast radius extends beyond the directly poisoned repos — any downstream project that includes an affected dependency inherits the malicious workflow.
What defenders should do: Audit all GitHub Actions workflows for unexpected modifications. Pin third-party Actions to specific commit SHAs rather than tags (tags can be moved). Enable commit signature verification and require signed commits on protected branches. Rotate any secrets that were accessible to CI/CD pipelines pulling from public repos. Implement software composition analysis that covers CI/CD configuration files, not just application dependencies.
MITRE ATT&CK: T1195.002 — Supply Chain Compromise: Compromise Software Supply Chain
Source: SecurityWeek
Ghost CMS Zero-Day (CVE-2026-26980) Exploited at Scale — 700+ Sites Hijacked
CVE-2026-26980 is an unauthenticated SQL injection vulnerability in the Ghost CMS Content API, carrying a CVSS score of 9.4. The vulnerability requires no authentication — any internet-facing Ghost instance with the Content API enabled (the default) is exploitable. Attackers have already compromised over 700 Ghost-powered sites.
The exploitation pattern follows a now-familiar playbook: mass scanning identifies vulnerable Ghost instances, the SQL injection provides database access, and the attackers inject ClickFix credential-phishing pages into the compromised site’s content. Visitors to these sites — often tech blogs and developer documentation portals — encounter convincing login prompts that harvest their credentials. The phishing pages are injected directly into the site’s content database, making them difficult to distinguish from legitimate pages without database-level inspection.
Ghost has released a patch. Any Ghost instance exposed to the internet that has not been updated should be considered compromised. Post-patch, operators should audit their content database for injected pages and review access logs for SQL injection patterns.
What defenders should do: Patch Ghost CMS immediately. If patching is not immediately possible, restrict access to the Content API at the network layer. Audit site content for injected pages containing credential harvesting forms. Deploy web application firewall rules that detect SQL injection in API parameters as a compensating control.
MITRE ATT&CK: T1190 — Exploit Public-Facing Application; T1566.003 — Phishing: Spearphishing via Service
Source: The Hacker News
TrapDoor Campaign Hits npm, PyPI, and Crates.io — 34 Malicious Packages Across 384 Versions
A coordinated supply-chain attack launched on May 22, 2026 planted 34 malicious packages across 384 versions in three major package registries: npm, PyPI, and Crates.io. The packages use typosquatting and naming patterns that mimic popular libraries, and on installation they exfiltrate developer credentials, SSH keys, and environment variables to attacker-controlled endpoints.
The cross-ecosystem scope is what distinguishes TrapDoor from typical package poisoning. Targeting npm, PyPI, and Crates.io simultaneously means the campaign covers JavaScript/TypeScript, Python, and Rust development environments — a broad surface that most organizations will intersect. The 384 versions suggest the attacker published rapidly across version numbers to increase the window of exposure and ensure at least some versions survive registry takedowns.
This campaign also coincides with the Laravel-Lang npm package poisoning reported the same week, where legitimate packages were briefly backdoored in a 15-minute window to exfiltrate CI secrets. Taken together, these incidents represent a concentrated spike in supply-chain attacks targeting developer toolchains.
What defenders should do: Audit dependencies installed since May 22 across npm, PyPI, and Crates.io projects. Run software composition analysis tools against all active projects. Rotate developer credentials and SSH keys if any suspicious package installations are detected. Pin dependency versions and verify package checksums in lockfiles. Consider private registry mirrors with allow-listing for approved packages.
MITRE ATT&CK: T1195.002 — Supply Chain Compromise: Compromise Software Supply Chain; T1552.001 — Unsecured Credentials: Credentials In Files
Source: The Hacker News
Lazarus Deploys RemotePE Memory-Only RAT Against Crypto Firms
North Korea’s Lazarus group is deploying a new remote access trojan called RemotePE against cryptocurrency and financial services firms. The distinguishing characteristic: the entire payload executes in memory. A cross-platform loader chain delivers the RAT without writing artifacts to disk, evading disk-based antivirus, file integrity monitoring, and standard forensic acquisition.
The infection chain begins with social engineering lures tailored to the crypto sector — job offers, investment proposals, and partnership inquiries delivered via messaging platforms. The loader leverages legitimate platform utilities for reflective code loading, and the final RemotePE payload establishes an encrypted command-and-control channel for data exfiltration and lateral movement.
This represents an evolution in Lazarus tradecraft. Previous campaigns (AppleJeus, DeTankZone) used disk-based implants that, while obfuscated, left forensic artifacts. RemotePE’s fully memory-resident architecture raises the bar for detection and incident response, requiring memory forensics or behavioral endpoint detection to identify.
What defenders should do: Deploy endpoint detection with in-memory scanning and behavioral analysis capabilities — file-scanning antivirus will not detect this payload. Monitor for anomalous process injection and reflective loading patterns. Implement network detection for encrypted C2 traffic to previously unseen endpoints. Organizations in the crypto and financial sectors should brief employees on social engineering lures specific to their industry.
MITRE ATT&CK: T1055 — Process Injection; T1620 — Reflective Code Loading; T1071.001 — Application Layer Protocol: Web Protocols
Source: The Hacker News
Today’s Deep Dive — Supply-Chain Attack Surface in CI/CD Pipelines
Three supply-chain campaigns in a single news cycle is not a coincidence — it reflects the operational reality that CI/CD pipelines and package registries are now primary initial access vectors. The trust assumptions baked into modern development workflows — auto-merge bots, tag-based dependency resolution, public registry pulls without verification — create an attack surface that threat actors are systematically exploiting.
The Megalodon campaign targets the CI/CD configuration layer (GitHub Actions workflow files). TrapDoor targets the dependency layer (package registries). The Laravel-Lang poisoning targets the maintainer account layer (compromised publishing credentials). Each attack exploits a different link in the same chain, and defending against one does not protect against the others.
The primary controls, in order of impact:
- Pin dependencies by hash, not by tag or version range. Tags can be moved. Version ranges pull whatever is newest. Cryptographic hashes are immutable. This applies to both application dependencies and CI/CD Actions.
- Run software composition analysis on every build. Not just production builds — development and CI environments are the target. Tools should flag newly introduced dependencies and known-malicious package names.
- Scope CI/CD secrets to minimum blast radius. A workflow that builds documentation should not have access to production cloud credentials. Secrets should be scoped per-workflow, per-environment, and time-limited where possible.
- Require commit signature verification on protected branches. This is the direct countermeasure to Megalodon-style commit injection. Commits that are unsigned or signed with unknown GPG keys should not merge without explicit human review.
- Mirror public registries privately. Organizations with mature software supply-chain practices maintain private mirrors of npm, PyPI, and other registries with allow-listing. New packages require explicit approval before developers can install them.
These controls are not new guidance. What is new is three campaigns in 72 hours demonstrating that the attack surface is being systematically mapped and exploited. The cost of not implementing these controls is measured in stolen credentials, compromised builds, and supply-chain breaches that propagate to customers.
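One way to audit the first control for GitHub Actions, as an added example that is not from any of the cited reports: a scanner that flags every `uses:` reference not pinned to a full 40-character commit SHA (or, for `docker://` references, to an image digest). The sample workflow and the `example-org` action names are constructed for illustration.

```python
import re

# A `uses:` key on a step or job, with or without the leading list dash.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def classify_ref(target):
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` target."""
    if target.startswith("./"):
        return "local"  # action stored in the same repository
    if target.startswith("docker://"):
        return "pinned" if "@sha256:" in target else "unpinned"
    _, sep, ref = target.rpartition("@")
    # Tags, branches and abbreviated SHAs can all be re-pointed or collide,
    # so only a full commit SHA counts as pinned.
    return "pinned" if sep and FULL_SHA_RE.match(ref) else "unpinned"

def find_unpinned(workflow_text):
    """Return (line number, target) for every mutable action reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and classify_ref(match.group(1)) == "unpinned":
            findings.append((lineno, match.group(1)))
    return findings

# Constructed sample workflow; the action names are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567  # v1.2.0
      - uses: example-org/lint-action@main
      - uses: ./.github/actions/local-build
      - name: scan
        uses: docker://example/scanner:latest
"""

if __name__ == "__main__":
    for lineno, target in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target} is not pinned to an immutable reference")
```

Run it over every file under `.github/workflows/` in CI and fail the build on any finding.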
Detection Spotlight
Detecting unauthorized GitHub Actions workflow modifications. This Splunk SPL query identifies commits that modify workflow files in .github/workflows/ from authors not in your approved committer list. It requires GitHub audit log ingestion via webhook or API polling.
index=github sourcetype="github:audit"
action="git.push"
| spath output=files path="payload.commits{}.modified{}"
| mvexpand files
| search files="*.github/workflows/*"
| spath output=committer path="payload.commits{}.author.username"
| where NOT committer IN ("dependabot[bot]", "renovate[bot]", "approved-user-1", "approved-user-2")
| stats count by repo, committer, files, _time
| sort -_time
Replace the committer IN (...) list with your organization’s approved bot and human committer usernames. Any hits represent workflow modifications from unexpected authors — investigate immediately for injected credential exfiltration steps. False positive rate is low if the approved committer list is maintained; expect occasional noise from first-time external contributors on public repos.
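The same detection logic applied directly to push events, as an added example that is not part of the original query. It goes beyond the SPL in three ways: it attributes each file to the author of its own commit, it covers added and removed workflow files as well as modified ones, and it checks the pushing account too, because commit author metadata can be set freely on unsigned commits. It assumes GitHub push webhook payloads; the events, repository names and the `unknown-account` and `drive-by-contrib` users are constructed.

```python
from fnmatch import fnmatchcase

APPROVED = {"dependabot[bot]", "renovate[bot]", "approved-user-1", "approved-user-2"}
WORKFLOW_GLOB = ".github/workflows/*"  # only the repository root is honoured

def workflow_findings(event, approved=APPROVED):
    """Return one tuple per workflow file touched by an unapproved identity."""
    repo = event.get("repository", {}).get("full_name", "unknown")
    pusher = event.get("pusher", {}).get("name", "")
    findings = []
    for commit in event.get("commits", []):
        author = commit.get("author", {}).get("username", "")
        # Both identities must be approved: the author field alone is
        # attacker-controlled when commits are not signed.
        if author in approved and pusher in approved:
            continue
        for change in ("added", "modified", "removed"):
            for path in commit.get(change, []):
                if fnmatchcase(path, WORKFLOW_GLOB):
                    findings.append((repo, commit.get("id"), author, pusher, change, path))
    return findings

def scan(events):
    return [finding for event in events for finding in workflow_findings(event)]

# Constructed sample events shaped like GitHub push webhook payloads.
SAMPLE_EVENTS = [
    {"repository": {"full_name": "example-org/app"},
     "pusher": {"name": "drive-by-contrib"},
     "commits": [
         {"id": "c1", "author": {"username": "approved-user-1"},
          "added": [], "modified": ["src/app.py"], "removed": []},
         {"id": "c2", "author": {"username": "drive-by-contrib"},
          "added": [".github/workflows/format.yml"], "modified": [], "removed": []}]},
    {"repository": {"full_name": "example-org/lib"},
     "pusher": {"name": "dependabot[bot]"},
     "commits": [
         {"id": "c3", "author": {"username": "dependabot[bot]"},
          "added": [], "modified": [".github/workflows/ci.yml"], "removed": []}]},
    {"repository": {"full_name": "example-org/lib"},
     "pusher": {"name": "unknown-account"},
     "commits": [
         {"id": "c4", "author": {"username": "dependabot[bot]"},
          "added": [], "modified": [".github/workflows/ci.yml"], "removed": []}]},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```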
References
- Over 5,500 GitHub Repositories Infected in Megalodon Supply-Chain Attack — SecurityWeek
- Ghost CMS CVE-2026-26980 Exploited to Deploy ClickFix Phishing — The Hacker News
- TrapDoor Supply-Chain Attack Spreads Across npm, PyPI, Crates.io — The Hacker News
- Lazarus Deploys RemotePE Memory-Only RAT — The Hacker News
- Anthropic Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects — SecurityWeek
- Laravel-Lang Packages Poisoned for Malware Delivery — SecurityWeek
- 266,000 Affected by Data Breach at Radiology Associates of Richmond — SecurityWeek
- MITRE ATT&CK T1195.002 — Supply Chain Compromise — MITRE
- MITRE ATT&CK T1190 — Exploit Public-Facing Application — MITRE
- MITRE ATT&CK T1055 — Process Injection — MITRE
- MITRE ATT&CK T1620 — Reflective Code Loading — MITRE