Supply-Chain
News
2026-05-30
CISA Urges Security Teams to Audit Software Development Pipelines After Megalodon Supply‑Chain Attack
CISA warns about the Megalodon supply-chain attack injecting malicious GitHub Actions into 5,500+ repositories and about compromise via a poisoned Nx Console VS Code extension, and urges security teams to audit workflows and rotate credentials.
cybersecurity
supply-chain
GitHub
CISA
Megalodon

News
2026-05-23
Packagist Supply Chain Attack Infects 8 Packages Using GitHub‑Hosted Linux Malware
A coordinated supply‑chain attack compromised eight Composer packages on Packagist, injecting malware via package.json that downloads and executes a Linux binary from GitHub Releases.
cybersecurity
supply-chain
packagist
malware
github
