Find notable cyber news and cases, enriched with sources, timelines, and signals.

Single organization's private GitHub repository cloned after confirmed access

Data Leak
First reported
Last updated
Happening score
H score 12
1 unique sources, 1 articles

Summary

Hide ▲

Confirmed access to a private GitHub repository belonging to one organization marks a concrete data exposure and raises the risk of source-code or internal-content theft. The attackers took steps to clone the repository, showing that the operation moved beyond public reconnaissance. The event widens the impact of the broader GitHub abuse activity because protected repository data was reached, not just public metadata.

Related Happenings

GitHub API enumeration campaign targeting corporate organizations

Campaign
H score17 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

How related: Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.

About this happening: A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
H score27 First: 07.07.2026 17:04 Last: 07.07.2026 17:04 Sources 1

About this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...

North Korean Contagious Interview PolinRider supply-chain campaign

Campaign
H score51 First: 04.07.2026 14:17 Last: 04.07.2026 14:17 Sources 1

About this happening: The **Contagious Interview / PolinRider** campaign is still active, with **108 unique packages and browser extensions** published across **npm, Packagist, Go, and Google Chrome**....

Miasma source code leak on GitHub

Data Leak
H score32 First: 10.06.2026 23:27 Last: 10.06.2026 23:27 Sources 1

About this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...

Miasma supply-chain malware activity

Malware Activity
H score34 First: 10.06.2026 23:27 Last: 10.06.2026 23:27 Sources 1

About this happening: The **Miasma** malware activity is enabling **supply-chain compromise** by stealing **build environment** and **cloud credentials**, then using them to poison legitimate packages...

Timeline

  1. 09.07.2026 21:38 2 articles · 2h ago

    GitHub API campaigns enumerate corporate organizations and clone a private repository

    Victim Impact Update

    Datadog Security Labs warned that several overlapping campaigns were systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API by combining automated scraping, custom or legitimate-sounding user agents, dormant ghost accounts created two to five years earlier, and compromised OAuth tokens and personal access tokens. In a few scenarios, attackers moved beyond public-data collection and took steps to clone a private repository belonging to a single organization.

    Show sources