Storia in 14 fonti

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.

Raccontata da

theverge.com+2 altre

lunedì 18 maggio 2026·theregister.com
TanStack weighs invitation-only pull requests after supply chain attack
Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions
martedì 19 maggio 2026·infoworld.com
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
The largest incident yet is a warning that developers should urgently check package security, say experts.

mercoledì 20 maggio 2026·

infoworld.com

GitHub admits major source code leak after 3,800 internal repositories breached

GitHub blamed the latest in a growing list of hacks claimed by TeamPCP on a poisoned VS Code extension.

mercoledì 20 maggio 2026·

forbes.com

GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a poisoned VS Code extension.

mercoledì 20 maggio 2026·

thehackernews.com

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana GitHub breach stemmed from TanStack npm attack; missed token exposed repos, not customer production systems.

mercoledì 20 maggio 2026·

cointelegraph.com

GitHub Internal Repositories Breached via VS Code Extension

GitHub confirmed an attacker was able to access its internal repositories after a code extension breach, with TeamPCP claiming credit.

mercoledì 20 maggio 2026·

bleepingcomputer.com

GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension.

mercoledì 20 maggio 2026·

securityweek.com

GitHub Confirms Hack Impacting 3,800 Internal Repositories

GitHub has confirmed that roughly 3,800 internal repositories were hacked after an employee installed an infected VS Code extension.

mercoledì 20 maggio 2026·

theregister.com

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

Around 3,800 repositories of GitHub internal code have been exfiltrated, company rotates credentials as devs ponder the implications

mercoledì 20 maggio 2026·

securityweek.com

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

mercoledì 20 maggio 2026·

tomshardware.com

Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin — TeamPCP claims source code theft and attempts $50,000…

GitHub says it has already rotated critical secrets and credentials following the breach

mercoledì 20 maggio 2026·

thenextweb.com

GitHub breached via poisoned VS Code extension, 3,800 repos stolen

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.

mercoledì 20 maggio 2026·

dev.to

GitHub Got Breached Through a VS Code Extension. MCP Servers Are Next.

Yesterday, GitHub said it had detected and contained a compromise of an employee device involving a...

mercoledì 20 maggio 2026·

decrypt.co

GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension - Decrypt

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.

mercoledì 20 maggio 2026·

bleepingcomputer.com

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week.

mercoledì 20 maggio 2026·

theverge.com

GitHub says a data breach impacted 3,800 internal repositories.

The company traced the incident to a “poisoned” VS Code extension on an employee’s device. While the hacking group TeamPCP has claimed responsibility for the breach, GitHub says…

mercoledì 20 maggio 2026·

venturebeat.com

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft's Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask…

giovedì 21 maggio 2026·

siliconangle.com

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE

giovedì 21 maggio 2026·

thehackernews.com

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub lost 3,800 internal repos after poisoned Nx Console update exposed developer credentials and supply-chain risk.

giovedì 21 maggio 2026·

bleepingcomputer.com