Last updated: July 5, 2026 at 9:01 AM UTC
Tag: source-code-theft (3 articles)

GitHub confirms 3,800 internal repos stolen after employee installed malicious Nx Console VS Code extension (TeamPCP)

GitHub has confirmed that roughly 3,800 internal repositories were exfiltrated after one of its employees installed a malicious version of the Nx Console VS Code extension. The malicious extension has been pulled and the affected device has been isolated. GitHub's current assessment is that the activity was limited to internal repos and that no customer data stored outside them was touched. The numbers line up with the claim TeamPCP posted on Breached, where they offered the code for at least $50,000. The breach connects this week's Nx Console compromise to the broader TeamPCP campaign that also hit OpenAI and Grafana.

Check
Identify VS Code endpoints with the Nx Console extension. Confirm version is 18.100.0 or newer. Check for cat.py and kitty-monitor IoCs and outbound traffic to attacker C2 published by Nx.
Affected
Any developer machine that installed Nx Console 18.95.0 during the 11-minute window on May 18 (12:36-12:47 UTC). GitHub.com itself confirms 3,800 internal repos exfiltrated from one employee device.
Fix
Update to Nx Console 18.100.0. Audit access from GitHub-employee or contractor devices; rotate every credential, token, and SSH key reachable from machines that ran the trojanized version.

TeamPCP claims ~4,000 GitHub internal repos stolen and for sale on Breached forum, GitHub confirms investigation

GitHub said it is investigating after the cybercrime group TeamPCP listed 'GitHub's source code and internal orgs' for sale on the Breached forum, claiming access to about 4,000 internal repositories and asking at least $50,000. GitHub told BleepingComputer it has 'no evidence of impact to customer information stored outside of GitHub's internal repositories' and that customers will be alerted if that changes. TeamPCP is the same group behind the TanStack supply-chain attack that hit OpenAI and Grafana, the Aqua Trivy compromise, the LiteLLM infection, and the Mistral AI source-code theft. GitHub hosts code for 4 million organizations and 180 million developers.

Check
Audit GitHub Actions workflows for refs pulled via pull_request_target from forks. Inventory developer machines that synced internal-org repos in the last 30 days for unusual outbound git pushes.
Affected
GitHub.com users specifically: TeamPCP's claim is limited to GitHub's own internal repos so far. Downstream impact is possible if private code referencing customer secrets is leaked.
Fix
Wait for GitHub's official notification. Rotate any tokens or PATs that lived in repositories you suspect could be referenced by GitHub internal code, and assume secret-scanning rules might be reverse-engineered.

Cisco breached through Trivy supply chain attack - source code and AWS keys stolen

The TeamPCP supply chain campaign has claimed its biggest victim yet. Attackers used credentials stolen from the Trivy vulnerability scanner compromise to breach Cisco's internal development environment, stealing source code belonging to both Cisco and its customers. Multiple AWS keys were also taken and used for unauthorized activity across Cisco's cloud accounts. The company expects continued fallout from the follow-on LiteLLM and Checkmarx compromises in the same campaign.

Check
If your CI/CD pipelines used Trivy, LiteLLM, or Checkmarx KICS between March 19 and March 27, audit for unauthorized access immediately.
Affected
Any organization that ran compromised versions of Trivy (v0.69.4+), LiteLLM (1.82.7-1.82.8), or Checkmarx KICS GitHub Actions during the exposure windows.
Fix
Pin Trivy to v0.69.3, trivy-action to v0.35.0, and setup-trivy to v0.2.6. Rotate all pipeline secrets, AWS keys, SSH keys, and tokens. Block scan.aquasecurtiy[.]org and 45.148.10.212. Search your GitHub orgs for repositories named tpcp-docs; their presence means data was exfiltrated.