GitHub
20 articles
Senator urges classified briefing after CISA data leak on GitHub
A GitHub leak exposed CISA credentials, sparking concerns over secrets management and leadership.
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a po...
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in la...
New Mini Shai-Hulud attack targets npm ecosystem
Mini Shai-Hulud campaign hits 323 npm packages, GitHub Actions and VS Code tools.
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack...
GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension
GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000.
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
Grafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about so...
GitHub confirms being hacked by TeamPCP, says customer data unaffected
Github, which hosts code for more than 100 million developers worldwide, confirmed the breach on social media after TeamPCP advertised stolen source code on ...
Senator presses CISA for answers about alleged GitHub repository leak
U.S.
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
GitHub Confirms Hack Impacting 3,800 Internal Repositories
The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3...
A malicious VS code extension just breached GitHub ‘s internal repositories
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated.
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. [.
Single-Letter Go Module Typosquat Drops DNS-Based Backdoor
A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor....
GitHub Source Code Reportedly Compromised, TeamPCP Claims Breach
A threat actor group known as TeamPCP has claimed responsibility for a significant breach involving GitHub’s internal systems, alleging the theft of sensitiv...
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised....
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories contai...
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platf...