Storia in 11 fonti

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Raccontata da

martedì 19 maggio 2026·techcrunch.com
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack | TechCrunch
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.
mercoledì 20 maggio 2026·thehackernews.com
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub is investigating unauthorized access to internal repositories after TeamPCP listed alleged source code and internal organizations for sale.

mercoledì 20 maggio 2026·

securityweek.com

GitHub Confirms Hack Impacting 3,800 Internal Repositories

GitHub has confirmed that roughly 3,800 internal repositories were hacked after an employee installed an infected VS Code extension.

mercoledì 20 maggio 2026·

tomshardware.com

Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin — TeamPCP claims source code theft and attempts $50,000…

GitHub says it has already rotated critical secrets and credentials following the breach

mercoledì 20 maggio 2026·

thenextweb.com

GitHub breached via poisoned VS Code extension, 3,800 repos stolen

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.

mercoledì 20 maggio 2026·

decrypt.co

GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension - Decrypt

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.

mercoledì 20 maggio 2026·

venturebeat.com

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft's Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask…

mercoledì 20 maggio 2026·

t3n.de

Angriff auf GitHub über kompromittiertes Gerät: Hacker stehlen 3.800 interne Repositories | t3n

Die Hackergruppe Team-PCP hat sich Zugriff auf tausende interne GitHub-Repositories verschafft und versteigert die erbeuteten Daten jetzt. Einfallstor für den Cyberangriff soll…

giovedì 21 maggio 2026·

wired.com