GitHub
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week’s TanStack npm supply-chain attack. This attack is attributed to the TeamPCP threat group and began with the compromise of dozens of TanStack and Mistral AI npm packages, then quickly extended to other […]
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud malware campaign attributed to TeamPCP hackers, dozens of TanStack packages infected with credential-stealing code were published on the npm index, compromising developer environments, including Grafana’s. When the malicious […]
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. “Yesterday we detected and contained a compromise of an employee device involving a poisoned […]
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. GitHub’s cloud-based development platform is used by more than 4 million organizations (including 90% of the Fortune 100) and over 180 million developers who contribute to more than 420 million code […]
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. A relatively new extortion gang known as CoinbaseCartel has claimed the attack by adding Grafana to their data leak site (DLS), although no data has been leaked yet. Grafana Labs is the company behind Grafana, the […]
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. The flaw was reported on March 4, 2026, by researchers at cybersecurity firm Wiz through GitHub’s bug bounty program. GitHub Chief Information Security Officer Alexis Wales said the company’s security team reproduced and confirmed the vulnerability […]
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. Although the investigation is ongoing, Checkmarx believes that the access vector was the Trivy supply-chain attack attributed to the hacker group known as TeamPCP. which provided access to credentials from downstream users. Using stolen credentials obtained from the Trivy […]
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. According to reports by Socket, JFrog, and OX Security, the malicious package was distributed as version 2026.4.0 and remained available between 5:57 PM and 7:30 PM ET on April 22, 2026, before being removed. […]
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as an autonomous agent, capable of direct system interaction, LLM API call handling, MCP […]
Cisco source code stolen in Trivy-linked dev environment breach
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. A source, who asked to remain anonymous, told GeekFeed that Cisco’s Unified Intelligence Center, CSIRT, and EOC teams contained the breach […]