Original Source Material
Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal Secrets More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said.