Tag
workflow-injection
Safeguard articles tagged "workflow-injection" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Supply Chain Attacks
Megalodon: 5,561 GitHub Repos Backdoored via Injected Actions Workflows (May 2026)
In a six-hour window on May 18, 2026, an automated campaign pushed malicious GitHub Actions workflows into 5,561 repositories using credentials harvested by infostealers. We break down the attack chain, the workflow_dispatch dormancy trick, and CI detection.
May 23, 202612 min read
Cloud Security
GitHub Actions workflow injection vulnerabilities
How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.
Nov 3, 20257 min read