A hacker group known as TeamPCP has claimed responsibility for breaching approximately 3,800 internal GitHub repositories. The breach occurred after an employee installed a malicious Visual Studio Code extension, which granted the attackers access to the developer's device and internal source code. TeamPCP is reportedly attempting to sell the stolen data for at least $50,000, rather than demanding a ransom. GitHub has confirmed the incident, stating that critical secrets and credentials have been rotated and that there is no evidence of customer data or public repositories being impacted. AI
Summary written by gemini-2.5-flash-lite from 1 source. How we write summaries →
IMPACT Highlights the significant security risks associated with AI coding assistants and other developer tools in the software supply chain.
RANK_REASON The cluster describes a security incident involving a compromised developer tool (VS Code extension) leading to a breach of internal repositories, which falls under the 'tool' category for security-related events.
