GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.

GitHub blamed the latest in a growing list of hacks claimed by TeamPCP on a poisoned VS Code extension.

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a poisoned VS Code extension.

GitHub is investigating unauthorized access to internal repositories after TeamPCP listed alleged source code and internal organizations for sale.

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code.

GitHub has confirmed that roughly 3,800 internal repositories were hacked after an employee installed an infected VS Code extension.

GitHub says it has already rotated critical secrets and credentials following the breach

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask…

Die Hackergruppe Team-PCP hat sich Zugriff auf tausende interne GitHub-Repositories verschafft und versteigert die erbeuteten Daten jetzt. Einfallstor für den Cyberangriff soll…

Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.

GitHub has confirmed a cyberattack after a threat actor claimed to have stolen and listed company data for sale. The breach involved unauthorised access to internal repositories…

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

TeamPCP breached GitHub via a malicious VS Code extension, stealing 3,800 internal repos including Actions, Copilot, and CodeQL source code now for sale.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.

TeamPCP ha compromesso centinaia di pacchetti open source su GitHub, npm e PyPI distribuendo malware attraverso repository compromessi.