GitHub data exposed after GitHub breach
Data Leak
Summary
Hide ▲
Show ▼
GitHub confirmed exfiltration of internal repositories, making private code and related content potentially available to outsiders. Attackers on the Breached cybercrime forum claimed access to about ~4,000 private repos and asked for at least $50,000. GitHub said its assessment of ~3,800 repositories was directionally consistent with the investigation. The company said it had no evidence that customer data stored outside the affected repos was impacted.
Related Happenings
Single organization's private GitHub repository cloned after confirmed access
Data Leak
H score12
First: 09.07.2026 21:38
Last: 09.07.2026 21:38
Sources 1
About this happening:
**Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...
Single organization's private GitHub repository cloned after confirmed access
Data LeakAbout this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...
GitHub Agentic Workflows indirect prompt injection security flaw
Vulnerability
H score27
First: 07.07.2026 17:04
Last: 07.07.2026 17:04
Sources 1
About this happening:
**GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
GitHub Agentic Workflows indirect prompt injection security flaw
VulnerabilityAbout this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
Microsoft hit by cyberattack
Incident
H score68
First: 09.06.2026 18:42
Last: 09.06.2026 18:42
Sources 1
About this happening:
A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Microsoft hit by cyberattack
IncidentAbout this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
Campaign
H score83
First: 06.06.2026 09:58
Last: 06.06.2026 09:58
Sources 1
About this happening:
The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
CampaignAbout this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Megalodon GitHub CI/CD supply-chain campaign
Campaign
H score50
First: 22.05.2026 14:55
Last: 22.05.2026 14:55
Sources 1
About this happening:
The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...
Megalodon GitHub CI/CD supply-chain campaign
CampaignAbout this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...
Timeline
-
20.05.2026 11:14 1 articles · 1mo ago
Poisoned VS Code extension compromises GitHub employee device
Exploitation ObservedA GitHub employee device is compromised after installation of a malicious VS Code extension, and the activity leads to exfiltration involving GitHub-internal repositories.
Show sources
- GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
-
20.05.2026 11:14 1 articles · 1mo ago
GitHub removes malicious VS Code extension and isolates the compromised endpoint
Mitigation Patch UpdateGitHub removes the trojanized extension from the VS Code marketplace, secures the compromised device, isolates the endpoint, and begins incident response after detecting the compromise.
Show sources
- GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
-
20.05.2026 11:14 2 articles · 1mo ago
GitHub confirms exfiltration of internal repositories
Initial DisclosureGitHub says it is investigating unauthorized access to its internal repositories and assesses that the activity involved exfiltration of GitHub-internal repositories only, with its current view directionally consistent with claims of roughly 3,800 repositories; TeamPCP also claims access to about ~4,000 repos of private code on the Breached cybercrime forum and asks for at least $50,000.
Show sources
- GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
- GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54