Signal

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-25 05:59 UTCUpdated 2026-05-25 07:40 UTC

rss

github_repositories_infected

Trend in the last 24h

Current brief openSource links open

This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

SecurityWeek · securityweek.com · 2026-05-25 07:40 UTC

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

thehackernews · thehackernews.com · 2026-05-25 05:59 UTC

limited source diversity in top sources

View all evidence

Overview

Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek .

Score total

0.97

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

All evidence

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

SecurityWeek · securityweek.com · 2026-05-25 07:40 UTC

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

thehackernews · thehackernews.com · 2026-05-25 05:59 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

SecurityWeek (1)
thehackernews (1)

Top origin domains (this list)

securityweek.com (1)
thehackernews.com (1)