Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

GitHub hit by network compromise

Incident
First reported
Last updated
Happening score
H score 28
3 unique sources, 5 articles

Summary

Hide ▲

GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was linked to a poisoned VS Code extension on an employee device and appears to have exposed internal source code and development data. GitHub said it removed the malicious extension, isolated the endpoint, and began incident response to contain the exposure. Later reporting said the access covered thousands of internal repositories and that critical secrets were rotated; no evidence of customer data outside the internal repositories has been identified so far.

Related Happenings

Laravel Lang organization hit by network compromise

Incident
First: 23.05.2026 23:48 Last: 23.05.2026 23:48 Sources 1

About this happening: The **Laravel Lang organization** suffered a **repository compromise** that let attackers rewrite **GitHub tags** and ship malicious code through **Composer** installs. The affect...

Open Happening

Megalodon GitHub CI/CD supply-chain campaign

Campaign
First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

Open Happening

GitHub data exposed after GitHub breach

Data Leak
First: 20.05.2026 11:14 Last: 20.05.2026 11:14 Sources 1

How related: Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far.

About this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...

Open Happening

GitHub internal repositories private-code leak claim

Data Leak
First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

How related: "No low ball offers will be accepted, everything for the main platform is there and I very am happy to send samples to interested buyers to verify the absolute authenticity. There is a total of around ~4,000 repos of private code here," they said.

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

Open Happening

Rwl.angular-console (Nx Console) hit by network compromise

Incident
First: 19.05.2026 10:49 Last: 19.05.2026 10:49 Sources 1

About this happening: The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...

Open Happening

Timeline

  1. 20.05.2026 13:45 1 articles · 7d ago

    GitHub removes malicious VS Code extension and isolates endpoint

    Mitigation Patch Update

    GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.

    Show sources
    Open in new tab
  2. 20.05.2026 13:45 2 articles · 7d ago

    GitHub confirms unauthorized access to 3,800 internal repositories

    Initial Disclosure

    GitHub confirmed that a third party gained unauthorized access to 3,800 internal repositories; the intrusion was linked to a poisoned VS Code extension, and TeamPCP claimed the breach on Breached while demanding at least $50,000 for the stolen data and warning that it could be leaked for free if no buyer emerged.

    Show sources
    Open in new tab
  3. 20.05.2026 11:14 2 articles · 7d ago

    GitHub detects employee-device compromise via poisoned VS Code extension

    Exploitation Observed

    GitHub detected a compromise of an employee device involving a poisoned VS Code extension, removed the malicious extension version from the VS Code marketplace, isolated the endpoint, and began incident response.

    Show sources
    Open in new tab
  4. 20.05.2026 07:01 3 articles · 7d ago

    GitHub investigates unauthorized access to internal repositories

    Initial Disclosure

    GitHub said it is investigating unauthorized access to its internal repositories after TeamPCP listed GitHub source code and internal organizations for sale on a cybercrime forum, with the alleged dump said to include about 4,000 repositories. GitHub said it currently has no evidence of impact to customer information stored outside its internal repositories and is closely monitoring its infrastructure for follow-on activity, with customer notification to follow through established incident response and notification channels if any impact is discovered.

    Show sources
    Open in new tab
  5. 20.05.2026 07:01 3 articles · 7d ago

    GitHub investigates unauthorized access to internal repositories

    Initial Disclosure

    GitHub said it is investigating unauthorized access to its internal repositories after TeamPCP listed GitHub source code and internal organizations for sale on a cybercrime forum, with the alleged dump said to include about 4,000 repositories. GitHub said it currently has no evidence of impact to customer information stored outside its internal repositories and is closely monitoring its infrastructure for follow-on activity, with customer notification to follow through established incident response and notification channels if any impact is discovered.

    Show sources
    Open in new tab
  6. 20.05.2026 07:01 3 articles · 7d ago

    GitHub investigates unauthorized access to internal repositories

    Initial Disclosure

    GitHub said it is investigating unauthorized access to its internal repositories after TeamPCP listed GitHub source code and internal organizations for sale on a cybercrime forum, with the alleged dump said to include about 4,000 repositories. GitHub said it currently has no evidence of impact to customer information stored outside its internal repositories and is closely monitoring its infrastructure for follow-on activity, with customer notification to follow through established incident response and notification channels if any impact is discovered.

    Show sources
    Open in new tab