
Unauthorized access to GitHub internal repositories reported; TeamPCP claims data sale and expands malware campaign

3 unique sources, 5 articles

Summary


GitHub confirmed the unauthorized access to internal repositories stemmed from a trojanized VS Code extension installed by an employee, affecting approximately 3,800 repos, with containment measures including removal of the malicious extension, device isolation, and critical secret rotation. TeamPCP claimed responsibility, offering the alleged GitHub data dump for sale with a minimum price of $50,000 and explicitly stating this is not a ransom operation, while also threatening free release if no buyer is found. TeamPCP expanded operations by compromising the durabletask PyPI package with a Linux infostealer targeting credentials across cloud environments and forming partnerships with extortion and ransomware actors including Lapsus$ and Vect ransomware. TeamPCP's malware campaign, known as Mini Shai-Hulud, has impacted multiple entities beyond GitHub, including Grafana Labs. Grafana Labs confirmed a breach was caused by a missed GitHub workflow token rotation following the TanStack npm supply-chain attack, resulting in the exfiltration of operational information such as business contact names and email addresses. No customer production systems or operations were compromised, and the company stated that the codebase was not modified and users are not required to take any action.

Timeline

  1. 20.05.2026 07:01 · 5 articles

    TeamPCP claims access to GitHub internal repositories and expands Mini Shai-Hulud malware via durabletask compromise

    GitHub detected the breach on May 19, 2026, originating from a trojanized VS Code extension installed on an employee device. The company confirmed containment measures including removal of the malicious extension from the VS Code Marketplace, isolation of the affected device, and immediate initiation of incident response. GitHub prioritized rotation of critical secrets and highest-impact credentials during the response effort. The attacker's claimed exfiltration of ~3,800 repositories remains directionally consistent with internal investigation findings, and there remains no evidence of impact to customer data stored outside internal repositories. TeamPCP reiterated its claim of responsibility, explicitly stating the operation is not a ransom, will only sell the data to a single buyer for no less than $50,000, and will delete the data upon sale; if no buyer is found, they will leak the data for free. Grafana Labs confirmed a breach was enabled by a missed GitHub workflow token rotation following the TanStack npm supply-chain attack, which was part of the ongoing Mini Shai-Hulud campaign. The attacker used the token to access private repositories and exfiltrate operational information such as business contact names and email addresses. Grafana Labs stated no customer production systems or operations were compromised, the codebase was not modified, and users are not required to take any action.



Similar Happenings

Microsoft disrupted Fox Tempest’s malware-signing-as-a-service infrastructure

Microsoft’s Digital Crimes Unit (DCU), in collaboration with the FBI and Europol’s EC3, has disrupted Fox Tempest’s malware-signing-as-a-service (MSaaS) infrastructure that provided fraudulent code-signing certificates for ransomware and malware operations. The takedown involved legal action in the US District Court for the Southern District of New York, sinkholing malicious domains, disabling hundreds of virtual machines on Cloudzy, and suspending roughly 1,000 accounts. Fox Tempest’s MSaaS platform abused Microsoft’s Artifact Signing to issue short-lived certificates valid for 72 hours, sold at tiered pricing from $5,000 to $9,000. The group collaborated with multiple ransomware operations, including Rhysida (Vanilla Tempest), Storm-2501, Storm-0249, INC, Qilin, BlackByte, and Akira, with attacks targeting critical sectors across the U.S., France, India, and China. The service evolved in February 2026 to offer pre-configured Cloudzy VMs, streamlining malicious binary signing and distribution. Microsoft’s operation, codenamed OpFauxSign, includes ongoing efforts to identify and pursue the group’s operators through undercover engagements and legal mechanisms.

OpenAI, TanStack, and Mistral AI Impacted in Escalating Mini Shai-Hulud Supply Chain Campaign

The Mini Shai-Hulud supply chain campaign has escalated with a new wave of 639 compromised npm packages tied to the AntV ecosystem, including high-download dependencies such as echarts-for-react and timeago.js. The attack ran for roughly one hour on May 19, 2026, beginning at 01:56 UTC, publishing malicious versions from the compromised “atool” maintainer account that held rights for over 500 packages. Each compromised package added an obfuscated Bun bundle preinstall hook to harvest and exfiltrate credentials (cloud, CI/CD, SSH, Kubernetes, and password manager vaults) via GitHub repositories marked with Dune-themed names and the campaign's reversed signature. Earlier waves targeted TanStack and Mistral AI SDKs, SAP npm packages, and PyPI ecosystems (Lightning, intercom-client), while compromising GitHub Actions workflows ('actions-cool/issues-helper', 'actions-cool/maintain-one-comment') and hundreds of npm packages across multiple ecosystems. Affected organizations include OpenAI (two employee devices breached via TanStack), UiPath, Guardrails AI, OpenSearch, SAP, and hundreds of npm and PyPI packages. The malware harvests over 20 credential types, abuses OIDC tokens to forge Sigstore provenance attestations, implements self-propagation via stolen npm tokens, and includes a destructive sabotage payload targeting systems in Israel or Iran. The campaign is attributed to TeamPCP, which publicly released the Shai-Hulud source code, enabling rapid cloning and weaponization by other actors.

Rockstar Games analytics data exfiltrated via third-party Snowflake compromise linked to Anodot breach

The extortion group ShinyHunters has expanded its campaign tied to the Anodot breach, claiming unauthorized access to Vimeo’s systems and threatening to leak data unless a ransom is paid. The attack leverages authentication tokens stolen from Anodot to compromise downstream victims, including Vimeo and Rockstar Games. Vimeo confirmed that exposed data included email addresses, technical data, video titles, and metadata, but excluded video content, credentials, and payment information. Operations remained unaffected, and Vimeo disabled Anodot integration and launched an investigation with law enforcement. Rockstar Games previously acknowledged a limited breach linked to the same third-party incident, with ShinyHunters leaking approximately 78.6 million records of internal analytics data. The compromised datasets included in-game revenue metrics, player behavior tracking, and Zendesk support analytics, with Rockstar asserting no operational impact.

CERT-EU attributes European Commission cloud breach to TeamPCP with data exfiltration across 71 entities

The European Commission disclosed a breach of its Amazon cloud environment attributed to the TeamPCP threat group, resulting in the exposure of data belonging to 42 internal Commission entities and at least 29 additional EU entities. The intrusion, initially detected on March 24 — five days after the initial compromise — stemmed from a compromised AWS API key with management rights, stolen during the Trivy supply-chain attack, which was used to breach the Commission’s Amazon cloud infrastructure on March 10. TeamPCP subsequently leveraged credential-scanning tools such as TruffleHog to locate and exfiltrate sensitive data, including tens of thousands of files with personal information, usernames, and email content. On March 28, the ShinyHunters data extortion group published a 90GB archive (340GB uncompressed) of the stolen dataset on a dark web leak site, containing personal data, email addresses, and content that may span multiple EU entities. No evidence of website defacement or lateral movement to other Commission AWS accounts was found.

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Supply chain compromise in the Trivy vulnerability scanner triggered the CanisterWorm propagation across CI/CD pipelines, now expanding to additional open-source ecosystems and involving multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) and Cisco confirming collaboration and lateral movement across cloud environments. A new npm supply chain malware campaign discovered on April 24, 2026, shows self-propagating worm-like behavior via the @automagik/genie and pgserve packages, stealing credentials and spreading across developer ecosystems while using Internet Computer Protocol (ICP) canisters for command and control. The malware shares technical similarities with prior TeamPCP campaigns, including post-install scripts and canister-based infrastructure, potentially indicating ongoing evolution of the threat actor's tactics or a new campaign leveraging established infrastructure. The Axios npm package compromise via malicious versions 0.27.5 and 0.28.0 delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with attribution disputes suggesting either TeamPCP involvement or the North Korean actor UNC1069 (per Google's Threat Intelligence Group). Cisco's internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories including proprietary AI product code and customer data from banks, BPOs, and US government agencies. Multiple AWS keys were abused across a subset of Cisco's cloud accounts, with multiple threat actors participating in the breach.