Megalodon Poisons GitHub

Friday, June 12, 2026 12 p.m. ET | 5 p.m. BST Matt Radolec, David Gibson

The supply chain remains the weakest link. A new automated malware campaign dubbed “Megalodon” poisoned more than 5,500 GitHub repos in just six hours, quietly harvesting cloud credentials, tokens, and sensitive code from environments that implicitly trust what they pull.

On this episode of State of Cybercrime, Matt and David break down how the attack scaled, the risks tied to compromised repositories, and what it means for downstream users. They will also examine the widely exploited PAN-OS GlobalProtect VPN bypass and a new AI-driven worm that dynamically selects its exploits.

Your seat is saved!

You’ll receive a confirmation email from Zoom shortly. Contact us if you do not receive it within 24 hours.

Add to calendar (.ics)

About the series

In today's digital landscape, no industry is safe from cybercrime. Hackers continue to exploit vulnerabilities across sectors, leading to highly destructive breaches.

Our State of Cybercrime series sheds light on the latest high-profile attacks while providing actionable insights across every industry.