🕵🏻♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked. This week's issue reads like a case study in cascade failure. A malicious VS Code
A coordinated series of cyberattacks, attributed to the group TeamPCP, has exploited vulnerabilities across the software supply chain. These attacks, which began with a malicious VS Code extension on a GitHub employee's device, led to the exfiltration of thousands of internal repositories. Further incidents include the compromise of Grafana via an unrotated token, a breach of a widely used GitHub Action, and the discovery of sensitive credentials in a public spreadsheet, highlighting the pervasive nature of supply chain risks. AI