GitHub confirms breach: thousands of internal repositories hit after employee installs malicious VS Code extension
Date:
Thu, 21 May 2026 13:20:00 +0000
Description:
TeamPCP continues its attack on open source projects, now apparently asking for $50,000.
FULL STORY ======================================================================
GitHub confirms an employee's compromised device led to exfiltration of internal repositories via a poisoned VSCode extension.
Threat actors TeamPCP are selling an archive of roughly 4,000 repos on the dark web, asking $50,000, with samples shared for proof.
The group is also behind recent npm supply-chain attacks, highlighting its ongoing campaign against developer ecosystems.
GitHub, one of the biggest open source code repositories in the world, has confirmed being hit by a cyberattack which saw its sensitive data stolen.
In a short announcement on X, GitHub said one of its employees had their device compromised when they downloaded a poisoned VSCode extension. The company removed the malware, isolated the endpoint, and started an investigation, which determined the attacker exfiltrated some sensitive data.
TeamPCP takes the blame
"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only," GitHub noted. "The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far."
In response, GitHub rotated critical secrets and continues to analyze logs, validate secret rotation, and monitor follow-on activity. "We will take additional action as the investigation warrants," it concluded.
An archive of roughly 4,000 repositories is reportedly being offered for sale on the dark web, by threat actors known as TeamPCP, with CyberInsider
claiming the group is asking for $50,000 in exchange for the archive, but apparently, no ransom note was left.
"There is a total of around ~4,000 repos of private code here," the crooks allegedly said. They also shared samples, to prove the authenticity of their claims. If no one buys the stash soon, the attackers said they would leak it to the dark web for free.
Besides ShinyHunters, TeamPCP is currently one of the most active groups out there. It is responsible for Shai-Hulud and Mini Shai-Hulud campaigns, in which they compromised countless GitHub and npm repositories, and used them
to push malware to possibly thousands of projects.
It recently published more than 600 malicious packages to the npm registry, targeting more than 300 unique packages. By stealing login credentials and access tokens, the miscreants access legitimate packages and update them to push infostealer malware, grabbing credentials, and compromising CI/CD environments.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/github-confirms-breach-thousands-of-internal-repositories-hit-after-employee-installs-malicious-vs-code-extension
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)