Find notable cyber news and cases, enriched with sources, timelines, and signals.

GitHub hit by network compromise

Incident
First reported
Last updated
Happening score
H score 42
3 unique sources, 5 articles

Summary

Hide ▲

GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was linked to a poisoned VS Code extension on an employee device and appears to have exposed internal source code and development data. GitHub said it removed the malicious extension, isolated the endpoint, and began incident response to contain the exposure. Later reporting said the access covered thousands of internal repositories and that critical secrets were rotated; no evidence of customer data outside the internal repositories has been identified so far.

Related Happenings

Codfish/semantic-release-action hit by network compromise

Incident
H score21 First: 26.06.2026 14:05 Last: 26.06.2026 14:05 Sources 1

About this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...

Claude Code GitHub Action bot trigger bypass security flaw

Vulnerability
H score31 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...

Laravel Lang organization hit by network compromise

Incident
H score14 First: 23.05.2026 23:48 Last: 23.05.2026 23:48 Sources 1

About this happening: The **Laravel Lang organization** suffered a **repository compromise** that let attackers rewrite **GitHub tags** and ship malicious code through **Composer** installs. The affect...

Megalodon GitHub CI/CD supply-chain campaign

Campaign
H score50 First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

GitHub data exposed after GitHub breach

Data Leak
H score35 First: 20.05.2026 11:14 Last: 20.05.2026 11:14 Sources 1

How related: Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far.

About this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...

Timeline

  1. 20.05.2026 13:45 1 articles · 1mo ago

    GitHub removes malicious VS Code extension and isolates endpoint

    Mitigation Patch Update

    GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.

    Show sources
  2. 20.05.2026 13:45 2 articles · 1mo ago

    GitHub confirms unauthorized access to 3,800 internal repositories

    Initial Disclosure

    GitHub confirmed that a third party gained unauthorized access to 3,800 internal repositories; the intrusion was linked to a poisoned VS Code extension, and TeamPCP claimed the breach on Breached while demanding at least $50,000 for the stolen data and warning that it could be leaked for free if no buyer emerged.

    Show sources
  3. 20.05.2026 11:14 2 articles · 1mo ago

    GitHub detects employee-device compromise via poisoned VS Code extension

    Exploitation Observed

    GitHub detected a compromise of an employee device involving a poisoned VS Code extension, removed the malicious extension version from the VS Code marketplace, isolated the endpoint, and began incident response.

    Show sources
  4. 20.05.2026 07:01 3 articles · 1mo ago

    GitHub investigates unauthorized access to internal repositories

    Initial Disclosure

    GitHub said it is investigating unauthorized access to its internal repositories after TeamPCP listed GitHub source code and internal organizations for sale on a cybercrime forum, with the alleged dump said to include about 4,000 repositories. GitHub said it currently has no evidence of impact to customer information stored outside its internal repositories and is closely monitoring its infrastructure for follow-on activity, with customer notification to follow through established incident response and notification channels if any impact is discovered.

    Show sources
  5. 20.05.2026 07:01 3 articles · 1mo ago

    GitHub investigates unauthorized access to internal repositories

    Initial Disclosure

    GitHub said it is investigating unauthorized access to its internal repositories after TeamPCP listed GitHub source code and internal organizations for sale on a cybercrime forum, with the alleged dump said to include about 4,000 repositories. GitHub said it currently has no evidence of impact to customer information stored outside its internal repositories and is closely monitoring its infrastructure for follow-on activity, with customer notification to follow through established incident response and notification channels if any impact is discovered.

    Show sources
  6. 20.05.2026 07:01 3 articles · 1mo ago

    GitHub investigates unauthorized access to internal repositories

    Initial Disclosure

    GitHub said it is investigating unauthorized access to its internal repositories after TeamPCP listed GitHub source code and internal organizations for sale on a cybercrime forum, with the alleged dump said to include about 4,000 repositories. GitHub said it currently has no evidence of impact to customer information stored outside its internal repositories and is closely monitoring its infrastructure for follow-on activity, with customer notification to follow through established incident response and notification channels if any impact is discovered.

    Show sources