GitHub confirms breach affecting thousands of internal repositories

Microsoft-owned GitHub confirmed on Wednesday that attackers exfiltrated data from roughly 3,800 internal repositories after a poisoned Visual Studio Code extension compromised an employee device.

This incident marks the latest in a series of software supply chain attacks linked to the hacking group TeamPCP.

The group claimed on Tuesday to have stolen source code and internal organisational data from about 4,000 repositories and offered the material for sale on a cybercrime forum for at least $50,000. GitHub said the attackers’ estimate was “directionally consistent” with its own investigation and stated that the activity appeared limited to internal repositories.

GitHub said it had “no evidence of impact to customer information stored outside of GitHub’s internal repositories”, including enterprise or customer-hosted repositories. The Microsoft-owned platform said it had rotated critical secrets and credentials, isolated the compromised endpoint and continued analysing logs for follow-on activity.

In a statement cited by Cyber Security News, GitHub said: “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only.” The company added: “We continue to analyse logs, validate secret rotation, and monitor for any follow-on activity.”

Ilkka Turunen, Field CTO at Sonatype, said the incident reflects the growing targeting of developers in supply chain attacks. “This is another reminder that developers are now permanent targets in software supply chain attacks. TeamPCP has shown how a motivated attacker can move through the tools developers trust every day – open source packages, extensions, accounts and credentials – rather than trying to break in through the front door.”

TeamPCP has been linked to a series of attacks targeting open-source projects and developer infrastructure during 2026, including incidents affecting TanStack, Bitwarden CLI and Checkmarx. Malicious versions of Microsoft’s durabletask Python package have also recently been distributed with credential-stealing malware capable of spreading across AWS and Kubernetes environments.

GitHub said it would publish a fuller incident report once its investigation is complete.


