LodeHQSubscribe →

Megalodon malware targets 5500 repos, Fox Tempest dismantled

Infosec · 2026-05-28

Threats & Malware
Megalodon malware injects credential-stealing GitHub Actions into 5,500 repos in six hours5 MIN

Security startup SafeDep uncovered the Megalodon campaign, which added malicious GitHub Actions workflows to over 5,500 repositories in a six‑hour window, exfiltrating cloud credentials, SSH keys and other secrets. The attack uses dummy accounts and backdoor triggers that stay dormant until activated via the GitHub API, highlighting the growing supply‑chain threat.

AI chatbot suggestions hijacked to deliver cryptojacking malware to GPU owners17 MIN

Microsoft Defender experts discovered an active cryptojacking campaign that uses AI chatbot responses and poisoned search results to recommend fake system‑utility downloads. The malicious links impersonate tools like CrystalDiskInfo and HWMonitor, directing victims, especially those with high‑end GPUs, to miner payloads and persistent remote‑access implants. Organizations should enable cloud‑delivered protection and EDR block mode.

Microsoft dismantles Fox Tempest malware‑signing service enabling ransomware10 MIN

Microsoft’s Digital Crimes Unit disrupted Fox Tempest, a malware-signing-as-a-service that abused Azure Artifact Signing to issue over 1,000 fraudulent code‑signing certificates, facilitating ransomware groups like Rhysida. The takedown revokes the certificates and disrupts infrastructure, mitigating widespread attacks across sectors.

Ottawa man arrested as Kimwolf IoT botmaster faces US and Canada charges6 MIN

Canadian authorities detained 23‑year‑old Jacob ‘Dort’ Butler, the alleged creator of the Kimwolf IoT botnet that harnessed millions of devices for record‑breaking DDoS attacks up to 30 Tbps. He now faces criminal hacking charges in both Canada and the United States.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ