GitHub confirmed an attacker was able to access its internal repositories after a code extension breach, with TeamPCP claiming credit.
GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access to its internal repositories following the compromise of an employee's device.
“While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories, we are closely monitoring our infrastructure for follow-on activity,” the developer platformit detected and contained a compromise of an employee device involving a poisoned VS Code extension on Tuesday. “We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” it added.
GitHub is the go-to platform for developers, many of whom host their open source projects and repositories on its servers.responsibility for the compromise and has attempted to sell the GitHub data online, claiming to have “4,000 repos of private code” related to GitHub’s main platform and internal organizations.
“If you have API keys in your code, even private repos, now is the time to double-check and change them,” Binance founder Changpeng Zhaoon Tuesday it was hit by a supply-chain attack in which malicious actors accessed its GitHub repositories and downloaded its codebase. This incident also came shortly after the April 28 public disclosure of a critical remote code execution vulnerability, CVE-2026-3854, that allowed authenticated users to execute arbitrary commands on GitHub’s servers.the critical flaw, reported at the time that millions of public and private repositories belonging to other users and organizations were accessible on the affected nodes. Martin Young
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
New York Magazine columnist accused of plagiarism by fellow reporters, triggers internal reviewRoss Barkan was accused of plagiarism by multiple reporters over the weekend, prompting New York Magazine to launch an internal review of his past columns.
Read more »
Trump moves to dismiss $10B suit against the Internal Revenue Service over leak of tax returnsABC News first reported last week that Trump was prepared to drop his lawsuit as part of a deal that would create a $1.7 billion fund to pay allies of the president.
Read more »
West Shore Regional Police Officer Charged with DUI and Under Internal ReviewInternal review launched after West Shore Regional Police officer Raleigh Sirb was charged with driving under the influence. No further comment provided.
Read more »
‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHubPasswords were stored as plain text in a public GitHub repository.
Read more »