The Megalodon campaign pushed 5,718 malicious commits into 5,561 GitHub repositories in roughly six hours. The target was not just application code, but GitHub Actions workflows that can expose cloud credentials, CI secrets, and deployment tokens.
TrapDoor pushed more than 34 malicious packages across npm, PyPI, and Crates.io after May 22. The sharpest twist is not just credential theft, but the attempt to poison .cursorrules and CLAUDE.md files read by AI coding assistants.
Bumblebee is a read-only scanner for macOS and Linux developer endpoints. Perplexity says it checks risky packages, MCP configs, editor extensions, and browser extensions without invoking package managers or install scripts.
GitHub confirmed on May 20, 2026 that threat group TeamPCP exfiltrated approximately 3,800 internal repositories after a GitHub employee installed a trojanized Nx Console VS Code extension that was live on the marketplace for just 11 minutes. Stolen credentials include 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and AWS tokens; TeamPCP is seeking $50,000 for the data on underground forums.
On May 11, 2026, an attacker chained three GitHub Actions vulnerabilities to publish 84 malicious versions across 42 @tanstack/* npm packages. Developers who installed affected versions must immediately rotate all credentials.
A North Korean-linked supply chain attack on the Axios npm library compromised OpenAI's macOS code-signing workflow, exposing certificates for ChatGPT Desktop, Codex, and Atlas. Users must update before May 8 or face app lockout.
What caught HN was not the Dune joke. Versions 2.6.2 and 2.6.3 of the lightning package were reported to execute credential-stealing code on import, turning a routine training dependency into an exfiltration path.
Hacker News treated the Bitwarden CLI compromise as the sort of GitHub Actions failure that becomes far more serious when the package sits near secrets, tokens, and password-manager workflows. By crawl time on April 25, 2026, the thread had 855 points and 416 comments.
Hacker News pushed this story high because it reads like the most ordinary possible route into a serious breach: an old plugin business gets sold, a shared module changes hands, and the real damage stays quiet for months. By the time WordPress.org closed 31 plugins, the nastier part was already sitting inside infected wp-config.php files.
A widely discussed Hacker News thread elevated a forensic report claiming that a buyer inserted a dormant backdoor into more than 30 WordPress plugins, then activated it months later.
OpenAI said a compromised Axios package reached a GitHub Actions workflow used in its macOS app-signing pipeline. The company said it found no evidence of user data or product compromise, but is rotating certificates and requiring users to update macOS apps.
OpenAI said on April 10, 2026 that a compromised Axios package touched a GitHub Actions workflow used in its macOS app-signing pipeline. The company says no user data, systems, or software were compromised, but macOS users need updated builds signed with a new certificate before May 8, 2026.