A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

Published: 2 weeks ago (May 21, 2026 at 05:00 AM EDT)

1 min read

Source: Wired

Source: Wired

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Back to Blog

GitHub's Internal Repos Breached Via Employee's Use of Malicious VS Code Extension

Incident Overview Longtime Slashdot reader Himmy32 reports that GitHub announced on X that its internal repositories were breached through a compromised VS Cod...

GitHub investigates internal repositories breach claimed by TeamPCP

!https://www.bleepstatic.com/content/hl-images/2026/04/29/GitHub.jpg Breach Investigation GitHub is investigating a breach of its internal repositories after th...

GitHub links repo breach to TanStack npm supply-chain attack

markdown !https://www.bleepstatic.com/content/hl-images/2026/05/21/GitHub_headpic.jpg GitHub says the hackers who breached 3,800 internal repositories gained ac...

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned...

Related posts

GitHub's Internal Repos Breached Via Employee's Use of Malicious VS Code Extension

GitHub investigates internal repositories breach claimed by TeamPCP

GitHub links repo breach to TanStack npm supply-chain attack

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension