Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500 Public Repos
Cybersecurity researchers uncovered "Megalodon," a malicious GitHub Actions workflow campaign that exfiltrated secrets from over 5,500 public repositories. The attack exploited workflows triggered by pull requests, leaking environment variables and tokens. The campaign highlights risks of using untrusted Actions in CI/CD pipelines.
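
An added example, not from the original report or from any affected project: a minimal Python audit that flags workflow files which run on pull request events while referencing secrets, and lists third-party Actions not pinned to a full commit SHA. The choice of checks, the sample workflows, the `example-org/example-action` name and the placeholder SHAs are constructed assumptions; the report itself gives no workflow details.

```python
import re

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)")
USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.M)
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")
PR_EVENTS = {"pull_request", "pull_request_target"}

# Constructed sample workflows (assumptions, not taken from the campaign).
RISKY = """\
on:
  pull_request_target:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@main
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""
# Same workflow on push only, with placeholder 40-hex SHAs as pins.
HARDENED = RISKY.replace("pull_request_target", "push").replace(
    "@v4", "@" + "0" * 39 + "1").replace("@main", "@" + "0" * 39 + "2")

def trigger_names(text):
    """Collect words found in the top-level `on:` key (inline or block form)."""
    names, in_on = set(), False
    for raw in text.splitlines():
        line = raw.split("#")[0]                      # ignore YAML comments
        if re.match(r"['\"]?on['\"]?\s*:", line):
            in_on = True
            line = line.split(":", 1)[1]
        elif not (in_on and (line[:1] in (" ", "\t") or not line.strip())):
            in_on = False                             # left the `on:` block
            continue
        names.update(re.findall(r"[a-z_]+", line))
    return names

def audit_workflow(text):
    """Return PR triggers, referenced secrets, and unpinned third-party Actions."""
    triggers = sorted(trigger_names(text) & PR_EVENTS)
    secrets = sorted(set(SECRET_REF.findall(text)))
    unpinned = sorted({u for u in USES.findall(text)
                       if not u.startswith(("./", "docker://"))
                       and not FULL_SHA.search(u)})
    return {"pr_triggers": triggers, "secrets": secrets,
            "unpinned_actions": unpinned, "review": bool(triggers and secrets)}

if __name__ == "__main__":
    for name, wf in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit_workflow(wf))
```

The parsing is line-based so it runs without a YAML library; treat a `review` result as a prompt to read the workflow by hand, not as a verdict.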