GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.

GitHub is investigating unauthorized access to internal repositories after TeamPCP listed alleged source code and internal organizations for sale.

GitHub has confirmed that roughly 3,800 internal repositories were hacked after an employee installed an infected VS Code extension.

GitHub says it has already rotated critical secrets and credentials following the breach

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask…

Die Hackergruppe Team-PCP hat sich Zugriff auf tausende interne GitHub-Repositories verschafft und versteigert die erbeuteten Daten jetzt. Einfallstor für den Cyberangriff soll…

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

TeamPCP breached GitHub via a malicious VS Code extension, stealing 3,800 internal repos including Actions, Copilot, and CodeQL source code now for sale.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.

TeamPCP ha compromesso centinaia di pacchetti open source su GitHub, npm e PyPI distribuendo malware attraverso repository compromessi.