GitHub investigates internal repositories breach claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...
SecurityWeek

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a ...

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
SecurityWeek

GitHub Confirms Hack Impacting 3,800 Internal Repositories

GitHub has confirmed that roughly 3,800 internal repositories were hacked after an employee installed an infected VS Code ...

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.