cve

CISA issued a formal advisory on May 28, 2026 warning all organizations to audit developer systems for the Nx Console / GitHub supply chain compromise. CVE-2026-48027 and CVE-2026-45321 are on the CISA KEV catalog — federal deadline June 10. CISA also formally documented the parallel Megalodon campaign targeting GitHub Actions workflows. Full CISA guidance, complete attack chain, expanded credential targeting list, and forensic audit checklist inside.