Megalodon, Mass GitHub Actions Backdoors, and the Repo Supply Chain Problem
Megalodon showed that software supply chain attacks do not need a poisoned package when attackers can backdoor CI workflows across thousands of repositories instead.