A malware spreading scumbag swimming through GitHub pushed malicious commits to more than 5,500 repositories on Monday as part of an automated campaign called Megalodon. Similar to the earlier TeamPCP attacks that poisoned about 3,800 GitHub repositories, this new campaign has so far infected 5,561 repos with CI CD credential stealing malware, according to SafeDep researchers, who uncovered the predatory commits and published a full list of the compromised repositories . If a repository owner...
