top of page
ALL POSTS
GitHub's 3,800 Internal Repositories Compromised Through Malicious VS Code Extension
Key Findings GitHub's internal repositories were compromised after an employee device was infected with a malicious Visual Studio Code extension Approximately 3,800 internal repositories were exfiltrated in the attack TeamPCP, a financially motivated hacking group, claimed responsibility and is selling the stolen data for around $95,000 GitHub confirmed it detected, contained and isolated the breach; no customer data outside internal repositories was affected Critical credent
May 202 min read
TeamPCP Claims Sale of Mistral AI Repositories During Mini Shai-Hulud Attack
Key Findings TeamPCP-linked forum account claims to be selling roughly 5GB of internal Mistral AI repositories and source code The alleged archive contains approximately 450 repositories covering training systems, inference infrastructure, and enterprise AI projects No independent verification of the authenticity of the claimed repositories has been established The sale announcement surfaced days after Mini Shai-Hulud supply chain attacks compromised hundreds of npm and PyPI
May 133 min read
Bitwarden CLI Compromised in Supply Chain Attack Through Checkmarx
Key Findings Bitwarden CLI version 2026.4.0 was compromised through a malicious GitHub Action in the project's CI/CD pipeline, affecting the npm distribution mechanism The attack was part of the ongoing Checkmarx supply chain campaign, likely orchestrated by threat actor TeamPCP Malicious code in bw1.js executed a preinstall hook that stole GitHub tokens, npm credentials, SSH keys, cloud secrets, and shell history Stolen data was exfiltrated to a fake Checkmarx domain (audit.
Apr 243 min read
bottom of page
