Find notable cyber news and cases, enriched with sources, timelines, and signals.

GitHub data exposed after GitHub breach

Data Leak
First reported
Last updated
Happening score
H score 35
1 unique sources, 2 articles

Summary

Hide ▲

GitHub confirmed exfiltration of internal repositories, making private code and related content potentially available to outsiders. Attackers on the Breached cybercrime forum claimed access to about ~4,000 private repos and asked for at least $50,000. GitHub said its assessment of ~3,800 repositories was directionally consistent with the investigation. The company said it had no evidence that customer data stored outside the affected repos was impacted.

Related Happenings

Single organization's private GitHub repository cloned after confirmed access

Data Leak
H score12 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
H score27 First: 07.07.2026 17:04 Last: 07.07.2026 17:04 Sources 1

About this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...

Microsoft hit by cyberattack

Incident
H score68 First: 09.06.2026 18:42 Last: 09.06.2026 18:42 Sources 1

About this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...

Miasma self-replicating supply chain attack campaign targeting open-source repositories

Campaign
H score83 First: 06.06.2026 09:58 Last: 06.06.2026 09:58 Sources 1

About this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...

Megalodon GitHub CI/CD supply-chain campaign

Campaign
H score50 First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

Timeline

  1. 20.05.2026 11:14 1 articles · 1mo ago

    Poisoned VS Code extension compromises GitHub employee device

    Exploitation Observed

    A GitHub employee device is compromised after installation of a malicious VS Code extension, and the activity leads to exfiltration involving GitHub-internal repositories.

    Show sources
  2. 20.05.2026 11:14 1 articles · 1mo ago

    GitHub removes malicious VS Code extension and isolates the compromised endpoint

    Mitigation Patch Update

    GitHub removes the trojanized extension from the VS Code marketplace, secures the compromised device, isolates the endpoint, and begins incident response after detecting the compromise.

    Show sources
  3. 20.05.2026 11:14 2 articles · 1mo ago

    GitHub confirms exfiltration of internal repositories

    Initial Disclosure

    GitHub says it is investigating unauthorized access to its internal repositories and assesses that the activity involved exfiltration of GitHub-internal repositories only, with its current view directionally consistent with claims of roughly 3,800 repositories; TeamPCP also claims access to about ~4,000 repos of private code on the Breached cybercrime forum and asks for at least $50,000.

    Show sources