Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

GitHub data exposed after GitHub breach

Data Leak
First reported
Last updated
Happening score
H score 30
1 unique sources, 2 articles

Summary

Hide ▲

GitHub confirmed exfiltration of internal repositories, making private code and related content potentially available to outsiders. Attackers on the Breached cybercrime forum claimed access to about ~4,000 private repos and asked for at least $50,000. GitHub said its assessment of ~3,800 repositories was directionally consistent with the investigation. The company said it had no evidence that customer data stored outside the affected repos was impacted.

Related Happenings

Megalodon GitHub CI/CD supply-chain campaign

Campaign
First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

Open Happening

GitHub internal repositories private-code leak claim

Data Leak
First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

Open Happening

GitHub hit by network compromise

Incident
First: 20.05.2026 07:01 Last: 20.05.2026 07:01 Sources 1

How related: GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.

About this happening: GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...

Latest development: 20.05.2026 13:45

GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.

Open Happening

Grafana Labs source code leak and extortion demand

Data Leak
First: 19.05.2026 12:15 Last: 19.05.2026 12:15 Sources 1

About this happening: The **Grafana Labs** codebase was **downloaded from its GitHub environment**, creating a risk that proprietary source code could be **released or misused**. The company said **no...

Open Happening

Rwl.angular-console (Nx Console) hit by network compromise

Incident
First: 19.05.2026 10:49 Last: 19.05.2026 10:49 Sources 1

About this happening: The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...

Open Happening

Timeline

  1. 20.05.2026 11:14 1 articles · 7d ago

    Poisoned VS Code extension compromises GitHub employee device

    Exploitation Observed

    A GitHub employee device is compromised after installation of a malicious VS Code extension, and the activity leads to exfiltration involving GitHub-internal repositories.

    Show sources
    Open in new tab
  2. 20.05.2026 11:14 1 articles · 7d ago

    GitHub removes malicious VS Code extension and isolates the compromised endpoint

    Mitigation Patch Update

    GitHub removes the trojanized extension from the VS Code marketplace, secures the compromised device, isolates the endpoint, and begins incident response after detecting the compromise.

    Show sources
    Open in new tab
  3. 20.05.2026 11:14 2 articles · 7d ago

    GitHub confirms exfiltration of internal repositories

    Initial Disclosure

    GitHub says it is investigating unauthorized access to its internal repositories and assesses that the activity involved exfiltration of GitHub-internal repositories only, with its current view directionally consistent with claims of roughly 3,800 repositories; TeamPCP also claims access to about ~4,000 repos of private code on the Breached cybercrime forum and asks for at least $50,000.

    Show sources
    Open in new tab