More than 5,500 GitHub repositories were infected with malware in a supply chain attack that relies on automated commits, security researchers warn. The campaign, dubbed Megalodon, relies on GitHub Actions workflows containing a payload designed to steal credentials, keys, tokens, and other secrets. The workflows, SafeDep says, were injected through over 5,700 malicious commits pushed to the impacted repositories within a six-hour window, on May 18. According to the cybersecurity firm, the attac...