GitHub Internal Repos Breached; Binance’s CZ Urges Urgent Key Rotation
GitHub says there is currently no evidence that customer repositories or external enterprise data were compromised.
Crypto Briefing
The breach highlights the vulnerability of software supply chains, potentially impacting countless projects reliant on GitHub's infrastructure.
TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.
A poisoned VS Code extension breached GitHub’s internal repositories. Around 3,800 repos may be exposed as GitHub rotates secrets and investigates the attack. A single employee’s device. That was the way in. GitHub confirmed it detected and contained a compromise involving a poisoned VS Code extension installed on an internal device. The malicious extension version […] The post GitHub Got Hit Through a Poisoned VS Code Extension Nobody Saw Coming appeared first on Live Bitcoin News.
Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst: “Yesterday we detected and contained a compromise of an employee device involving a poisoned VS [Visual Studio] Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub said. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.” GitHub added: “We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.” Th
From your first backtest to a real trading system, here are GitHub repos that can seriously level up your quant trading skills fast.
A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react, and Microsoft’s durabletask SDK.
Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Million Weekly Downloads
The Mini Shai-Hulud campaign, attributed to the threat group Team PCP, does not work the way most supply chain attacks do […]
GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension.
GitHub has confirmed that thousands of its internal repositories were accessed without authorization, prompting fresh warnings from Binance founder Changpeng “CZ” Zhao for crypto developers to immediately rotate API keys stored in code repositories. According to a statement published by…