Help Net Security

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension (opens in new tab)

Covers 2 stories See all stories this covers including Postmortem: TanStack NPM supply-chain compromiseCovered by 3 sources See all sources covering this story including msuiche.com, thenewguard.ai

Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far,” GitHub stated. The source of the breach The company previously said that they have no evidence that custom...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 3 articles

msuiche.com·

Supply-Chain Attacks Cluster: 230,000 Advisories, Five Patterns

Discussed on Hacker News
Feeds
thenewguard.ai·

AI now finds software vulnerabilities faster than they get patched

Discussed on Hacker News
Feeds
igor´sLAB·

LeakWatch 2026, security incidents, data breaches and IT situation for the current calendar week 21 – Pentecost, fake voices and the question of whom to still t...

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help