Lucene search
+L

5 matches found

CISA
CISA
added 2026/05/28 12:0 p.m.51 views

Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development CI/CD pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code VS...

9.8CVSS5.8AI score0.0185EPSS
Exploits1References8
The Hacker News
The Hacker News
added 2026/05/22 11:55 a.m.23 views

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, the attacke...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/05/21 9:0 p.m.12 views

Embedded Malicious Code

Overview @tiledesk/tiledesk-server is a The Tiledesk server module Affected versions of this package are vulnerable to Embedded Malicious Code part of the "Megalodon" campaign that orchestrated a massive supply-chain attack, pushing malicious commits to 5,561 GitHub repositories within a six-hour...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 8:0 a.m.17 views

Malicious code in @tiledesk/tiledesk-server (npm)

@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/05/21 8:0 a.m.9 views

MAL-2026-4228 Malicious code in @tiledesk/tiledesk-server (npm)

@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...

6.1AI score
Exploits0References3
Rows per page
Query Builder