Unauthorized access to GitHub internal repositories reported; TeamPCP claims data sale and expands malware campaign
Summary
GitHub confirmed the unauthorized access to internal repositories stemmed from a trojanized Nx Console VS Code extension installed by an employee, which was live on the Visual Studio Marketplace for only eighteen minutes before removal. The extension, poisoned via a developer’s compromised system linked to the TanStack supply chain attack, executed a stealthy credential stealer targeting data from 1Password, Anthropic Claude Code, npm, GitHub, and AWS. GitHub’s Chief Information Security Officer stated there is no evidence of impact to customer data stored outside internal repositories, and the company has rotated critical secrets as part of containment. TeamPCP claimed responsibility, offering the alleged GitHub data dump for sale with a minimum price of $50,000 and threatening free release if no buyer is found. TeamPCP expanded operations by compromising the durabletask PyPI package with a Linux infostealer targeting credentials across cloud environments and forming partnerships with extortion and ransomware actors including Lapsus$ and Vect ransomware. Grafana Labs confirmed a breach was caused by a missed GitHub workflow token rotation following the TanStack npm supply-chain attack, resulting in the exfiltration of operational information such as business contact names and email addresses without compromising customer production systems. GitHub has now explicitly linked the breach vector to the TanStack npm supply-chain attack, which compromised dozens of TanStack and Mistral AI packages and leaked developer GitHub credentials via the GitHub CLI (gh), enabling the poisoning of the Nx Console extension used in the intrusion.
Timeline
- 20.05.2026 07:01 · 7 articles
  TeamPCP claims access to GitHub internal repositories and expands Mini Shai-Hulud malware via durabletask compromise
  GitHub has now explicitly linked the breach vector to the TanStack npm supply-chain attack, which compromised dozens of TanStack and Mistral AI packages and leaked developer GitHub credentials via the GitHub CLI (gh). This enabled the poisoning of the Nx Console VS Code extension (nrwl.angular-console) used in the intrusion, which was available on the Visual Studio Marketplace for approximately 18 minutes and on OpenVSX for 36 minutes before removal. Microsoft and OpenVSX reported download numbers for the poisoned extension were extremely low: 28 downloads on VS Code Marketplace and 41 on OpenVSX, with 6,000 extension activations recorded two days post-attack. GitHub CISO Alexis Wales reiterated that no evidence of customer data compromise outside internal repositories has been found and that critical secrets were rotated as part of incident response.
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
  - GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
  - Grafana breach caused by missed token rotation after TanStack attack — www.bleepingcomputer.com — 20.05.2026 18:46
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
Information Snippets
- GitHub reported investigating unauthorized access to approximately 4,000 internal repositories after TeamPCP listed source code and internal organizations for sale on a cybercrime forum.
  First reported: 20.05.2026 07:01 · 3 sources, 5 articles
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
  - GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- GitHub stated there is currently no evidence of impact to customer information stored outside internal repositories and will notify customers if any compromise is identified.
  First reported: 20.05.2026 07:01 · 3 sources, 5 articles
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
  - GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- TeamPCP offered the alleged GitHub data dump for sale for no less than $50,000, stating the operation is not a ransom and threatening free release if no buyer is found.
  First reported: 20.05.2026 07:01 · 2 sources, 3 articles
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
  - GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
- TeamPCP compromised the durabletask PyPI package (versions 1.4.1, 1.4.2, 1.4.3), embedding a dropper that fetches a second-stage payload from check.git-service[.]com.
  First reported: 20.05.2026 07:01 · 1 source, 1 article
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
- The malware acts as a Linux infostealer targeting credentials for major cloud providers, password managers (1Password, Bitwarden), developer tools, HashiCorp Vault, SSH keys, Docker credentials, VPN configurations, and shell history.
  First reported: 20.05.2026 07:01 · 2 sources, 2 articles
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- The malware propagates using stolen SSM tokens in AWS environments and kubectl exec in Kubernetes, targeting up to 5 additional EC2 instances per profile via AWS SendCommand.
  First reported: 20.05.2026 07:01 · 1 source, 1 article
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
- The stealer has a 1-in-6 chance of playing audio and then executing 'rm -rf /*' if Israeli or Iranian system settings are detected.
  First reported: 20.05.2026 07:01 · 1 source, 1 article
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
- The malware employs a FIRESCALE mechanism to retrieve backup C2 addresses by parsing GitHub public commit messages for encoded patterns.
  First reported: 20.05.2026 07:01 · 1 source, 1 article
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
- The durabletask package is downloaded approximately 417,000 times monthly and executes the malicious code immediately upon import with no visible signs of compromise; any affected machine or pipeline should be considered fully compromised.
  First reported: 20.05.2026 07:01 · 1 source, 1 article
  Sources:
  - GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories — thehackernews.com — 20.05.2026 07:01
- TeamPCP had previously been linked to supply chain attacks targeting GitHub, PyPI, npm, and Docker before the incident reported on 2026-05-20.
  First reported: 20.05.2026 08:08 · 2 sources, 3 articles
  Sources:
  - GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- In March 2026, TeamPCP compromised Aqua Security's Trivy vulnerability scanner, leading to cascading compromises of Aqua Security Docker images and the Checkmarx KICS project.
  First reported: 20.05.2026 08:08 · 1 source, 1 article
  Sources:
  - GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
- The Trivy breach also impacted the LiteLLM open-source Python library, infecting tens of thousands of devices with the TeamPCP Cloud Stealer malware.
  First reported: 20.05.2026 08:08 · 1 source, 1 article
  Sources:
  - GitHub investigates internal repositories breach claimed by TeamPCP — www.bleepingcomputer.com — 20.05.2026 08:08
- GitHub confirmed the breach vector as a trojanized VS Code extension installed by an employee, resulting in unauthorized access to approximately 3,800 internal repositories.
  First reported: 20.05.2026 11:14 · 3 sources, 4 articles
  Sources:
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
- GitHub removed the malicious VS Code extension from the VS Code Marketplace and isolated the compromised employee device as part of incident response.
  First reported: 20.05.2026 11:14 · 3 sources, 4 articles
  Sources:
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
- The attacker's claimed exfiltration of ~3,800 repositories is directionally consistent with GitHub's internal investigation findings.
  First reported: 20.05.2026 11:14 · 2 sources, 2 articles
  Sources:
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
- TeamPCP referenced prior supply chain attacks targeting developer platforms including GitHub, PyPI, npm, and Docker, and noted an earlier "Mini Shai-Hulud" campaign that impacted two OpenAI employees.
  First reported: 20.05.2026 11:14 · 2 sources, 2 articles
  Sources:
  - GitHub confirms breach of 3,800 repos via malicious VSCode extension — www.bleepingcomputer.com — 20.05.2026 11:14
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
- GitHub detected the breach on May 19, 2026, originating from a trojanized VS Code extension installed on an employee device.
  First reported: 20.05.2026 13:45 · 2 sources, 2 articles
  Sources:
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
- GitHub prioritized rotation of critical secrets and highest-impact credentials during incident response.
  First reported: 20.05.2026 13:45 · 2 sources, 2 articles
  Sources:
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
- TeamPCP explicitly stated the operation is not a ransom, that it will sell the data to a single buyer only and delete it upon sale, and that it will leak the data for free if no buyer is found.
  First reported: 20.05.2026 13:45 · 1 source, 1 article
  Sources:
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
- TeamPCP has formed partnerships with extortion and ransomware actors including Lapsus$ and the Vect ransomware group.
  First reported: 20.05.2026 13:45 · 1 source, 2 articles
  Sources:
  - GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension — www.infosecurity-magazine.com — 20.05.2026 13:45
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- Grafana Labs confirmed a data breach originated from a single GitHub workflow token that was not rotated after the TanStack npm supply-chain attack, enabling attackers to access private repositories.
  First reported: 20.05.2026 18:46 · 3 sources, 3 articles
  Sources:
  - Grafana breach caused by missed token rotation after TanStack attack — www.bleepingcomputer.com — 20.05.2026 18:46
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- The compromise originated from a trojanized version of the Nx Console VS Code extension (nrwl.angular-console), which was poisoned after one of its developers was hacked following the TanStack supply chain attack.
  First reported: 21.05.2026 07:27 · 2 sources, 2 articles
  Sources:
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- The malicious extension was live on the Visual Studio Marketplace for only eighteen minutes (between 12:30 p.m. and 12:48 p.m. UTC on May 18, 2026) before being removed.
  First reported: 21.05.2026 07:27 · 1 source, 1 article
  Sources:
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
- The trojanized extension silently executed a shell command disguised as a routine MCP setup task on startup, downloading and executing a hidden package from a planted commit in the official nrwl/nx GitHub repository.
  First reported: 21.05.2026 07:27 · 2 sources, 2 articles
  Sources:
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- The malicious extension harvested sensitive data from 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and Amazon Web Services (AWS) via a credential stealer.
  First reported: 21.05.2026 07:27 · 3 sources, 3 articles
  Sources:
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- GitHub’s Chief Information Security Officer, Alexis Wales, stated there is no evidence of impact to customer information stored outside of GitHub’s internal repositories.
  First reported: 21.05.2026 07:27 · 3 sources, 3 articles
  Sources:
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- The attack highlights structural vulnerabilities in software supply chain security and the risks posed by auto-update mechanisms in developer tool marketplaces.
  First reported: 21.05.2026 07:27 · 1 source, 1 article
  Sources:
  - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension — thehackernews.com — 21.05.2026 07:27
- TeamPCP's initial access to the trojanized Nx Console VS Code extension was enabled by the TanStack npm supply-chain attack, which compromised dozens of TanStack and Mistral AI packages and leaked GitHub credentials via the GitHub CLI (gh).
  First reported: 21.05.2026 09:54 · 1 source, 1 article
  Sources:
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
- The malicious Nx Console extension (version 18.95.0) was available on the Visual Studio Marketplace for approximately 18 minutes and on OpenVSX for another 36 minutes before removal.
  First reported: 21.05.2026 09:54 · 2 sources, 2 articles
  Sources:
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- The Nx development team and GitHub confirmed the extension was poisoned after the system of one of the Nx Console developers was compromised in the TanStack supply chain attack.
  First reported: 21.05.2026 09:54 · 2 sources, 2 articles
  Sources:
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
- Microsoft and OpenVSX reported download numbers for the poisoned extension were extremely low: 28 downloads on VS Code Marketplace and 41 on OpenVSX, with 6,000 extension activations recorded two days post-attack.
  First reported: 21.05.2026 09:54 · 2 sources, 2 articles
  Sources:
  - GitHub links repo breach to TanStack npm supply-chain attack — www.bleepingcomputer.com — 21.05.2026 09:54
  - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension — www.infosecurity-magazine.com — 21.05.2026 17:45
Similar Happenings
Microsoft disrupts Fox Tempest’s malware-signing-as-a-service infrastructure
Microsoft’s Digital Crimes Unit (DCU), in collaboration with the FBI and Europol’s EC3, has disrupted Fox Tempest’s malware-signing-as-a-service (MSaaS) infrastructure that provided fraudulent code-signing certificates for ransomware and malware operations. The takedown involved legal action in the US District Court for the Southern District of New York, sinkholing malicious domains, disabling hundreds of virtual machines on Cloudzy, and suspending roughly 1,000 accounts. Fox Tempest’s MSaaS platform abused Microsoft’s Artifact Signing to issue short-lived certificates valid for 72 hours, sold at tiered pricing from $5,000 to $9,000. The group collaborated with multiple ransomware operations, including Rhysida (Vanilla Tempest), Storm-2501, Storm-0249, INC, Qilin, BlackByte, and Akira, with attacks targeting critical sectors across the U.S., France, India, and China. The service evolved in February 2026 to offer pre-configured Cloudzy VMs, streamlining malicious binary signing and distribution. Microsoft’s operation, codenamed OpFauxSign, includes ongoing efforts to identify and pursue the group’s operators through undercover engagements and legal mechanisms.
Compromised node-ipc npm Package Versions Deploy Stealer Payload via Obfuscated Backdoor
Three legitimate versions of the widely used node-ipc npm package (9.1.6, 9.2.3, and 12.0.1) were republished with malicious stealer/backdoor code by an unauthorized maintainer account named 'atiertant', triggering on require('node-ipc') and exfiltrating developer and cloud secrets to a rogue C2 server. The attack features novel evasion tactics including DNS-based exfiltration via a fake Azure-themed domain (sh.azurestaticprovider[.]net), conditional payload execution in version 12.0.1, and targeted collection of 90 categories of credentials. This incident follows a prior 2022 protest-related compromise where the original maintainer added destructive capabilities to versions 10.1.1 and 10.1.2 targeting systems in Russia or Belarus, yet node-ipc retains over 690,000 weekly downloads. Security vendors (Socket, Ox Security, Upwind) confirmed the malicious nature of the affected versions, which skip large files and avoid scanning .git and node_modules directories to reduce operational noise.
OpenAI, TanStack, and Mistral AI Impacted in Escalating Mini Shai-Hulud Supply Chain Campaign
The Mini Shai-Hulud supply chain campaign has escalated with a new wave of 639 compromised npm packages tied to the AntV ecosystem, including high-download dependencies such as echarts-for-react and timeago.js. The attack ran for roughly one hour on May 19, 2026, beginning at 01:56 UTC, publishing malicious versions from the compromised “atool” maintainer account that held rights for over 500 packages. Each compromised package added an obfuscated Bun bundle preinstall hook to harvest and exfiltrate credentials (cloud, CI/CD, SSH, Kubernetes, and password manager vaults) via GitHub repositories marked with Dune-themed names and the campaign's reversed signature. Earlier waves targeted TanStack and Mistral AI SDKs, SAP npm packages, and PyPI ecosystems (Lightning, intercom-client), while compromising GitHub Actions workflows ('actions-cool/issues-helper', 'actions-cool/maintain-one-comment') and hundreds of npm packages across multiple ecosystems. Affected organizations include OpenAI (two employee devices breached via TanStack), UiPath, Guardrails AI, OpenSearch, SAP, and hundreds of npm and PyPI packages. The malware harvests over 20 credential types, abuses OIDC tokens to forge Sigstore provenance attestations, implements self-propagation via stolen npm tokens, and includes a destructive sabotage payload targeting systems in Israel or Iran. The campaign is attributed to TeamPCP, which publicly released the Shai-Hulud source code, enabling rapid cloning and weaponization by other actors.
Rockstar Games analytics data exfiltrated via third-party Snowflake compromise linked to Anodot breach
The extortion group ShinyHunters has expanded its campaign tied to the Anodot breach, claiming unauthorized access to Vimeo’s systems and threatening to leak data unless a ransom is paid. The attack leverages authentication tokens stolen from Anodot to compromise downstream victims, including Vimeo and Rockstar Games. Vimeo confirmed that exposed data included email addresses, technical data, video titles, and metadata, but excluded video content, credentials, and payment information. Operations remained unaffected, and Vimeo disabled Anodot integration and launched an investigation with law enforcement. Rockstar Games previously acknowledged a limited breach linked to the same third-party incident, with ShinyHunters leaking approximately 78.6 million records of internal analytics data. The compromised datasets included in-game revenue metrics, player behavior tracking, and Zendesk support analytics, with Rockstar asserting no operational impact.
CERT-EU attributes European Commission cloud breach to TeamPCP with data exfiltration across 71 entities
The European Commission disclosed a breach of its Amazon cloud environment attributed to the TeamPCP threat group, resulting in the exposure of data belonging to 42 internal Commission entities and at least 29 other European Union entities. The intrusion, initially detected on March 24 — five days after the initial compromise — stemmed from a compromised AWS API key with management rights, stolen during the Trivy supply-chain attack, which was used to breach the Commission’s Amazon cloud infrastructure on March 10. TeamPCP subsequently leveraged credential scanning tools such as TruffleHog to locate and exfiltrate sensitive data, including tens of thousands of files with personal information, usernames, and email content. On March 28, the ShinyHunters data extortion group published a 90GB archive (340GB uncompressed) of the stolen dataset on a dark web leak site, containing personal data, email addresses, and content that may span multiple EU entities. No evidence of website defacement or lateral movement to other Commission AWS accounts was found.