In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
Summary + source link. No paywalls, no tracking.