GitHub internal repositories private-code leak claim
Data Leak
Summary
Hide ▲
Show ▼
GitHub is facing a claimed leak of internal repositories after TeamPCP said it had access to about 4,000 private-code repos and tried to sell samples. The alleged exposure could put source code and internal development material at risk if the claim is genuine. GitHub says it has no evidence yet that customer data stored outside its internal repositories was affected.
Related Happenings
Megalodon GitHub CI/CD supply-chain campaign
Campaign
First: 22.05.2026 14:55
Last: 22.05.2026 14:55
Sources 1
About this happening:
The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...
Megalodon GitHub CI/CD supply-chain campaign
CampaignAbout this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...
GitHub data exposed after GitHub breach
Data Leak
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub data exposed after GitHub breach
Data LeakAbout this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub hit by network compromise
Incident
First: 20.05.2026 07:01
Last: 20.05.2026 07:01
Sources 1
How related:
The security team at the Microsoft-owed software developer platform warned on May 19 that an attacker gained unauthorized access to 3800 internal repositories via a “poisoned” VS Code extension found on an employee device.
About this happening:
GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
GitHub hit by network compromise
IncidentHow related: The security team at the Microsoft-owed software developer platform warned on May 19 that an attacker gained unauthorized access to 3800 internal repositories via a “poisoned” VS Code extension found on an employee device.
About this happening: GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
Latest development: 20.05.2026 13:45
GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.
Grafana Labs source code leak and extortion demand
Data Leak
First: 19.05.2026 12:15
Last: 19.05.2026 12:15
Sources 1
About this happening:
The **Grafana Labs** codebase was **downloaded from its GitHub environment**, creating a risk that proprietary source code could be **released or misused**. The company said **no...
Grafana Labs source code leak and extortion demand
Data LeakAbout this happening: The **Grafana Labs** codebase was **downloaded from its GitHub environment**, creating a risk that proprietary source code could be **released or misused**. The company said **no...
Rwl.angular-console (Nx Console) hit by network compromise
Incident
First: 19.05.2026 10:49
Last: 19.05.2026 10:49
Sources 1
About this happening:
The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...
Rwl.angular-console (Nx Console) hit by network compromise
IncidentAbout this happening: The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...
Timeline
-
21.05.2026 17:45 1 articles · 6d ago
Malicious Nx Console extension caused GitHub breach
Technical Analysis UpdateA malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.
Show sources
- GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
-
20.05.2026 08:08 1 articles · 7d ago
TeamPCP claims access to GitHub internal repositories
Initial DisclosureTeamPCP claims access to GitHub's source code and internal orgs, says there are around ~4,000 repos of private code, offers samples to verify authenticity, and asks for at least $50,000 from a buyer.
Show sources
- GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
-
20.05.2026 08:08 1 articles · 7d ago
GitHub investigates internal repository access
Victim Impact UpdateGitHub says it is investigating unauthorized access to GitHub's internal repositories, has no evidence that customer information stored outside those repositories was affected, and will alert affected customers through established notification and incident response channels if evidence emerges.
Show sources
- GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08