English(EN) 🕵🏻‍♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked. This week's issue reads like a case study in cascade failure. A malicious VS Code

TeamPCP 利用 GitHub、Grafana 和 VS Code 进行供应链攻击

作者 PulseAugur 编辑部 · [1 个来源] · 2026-05-25 08:45

一个由 TeamPCP 组织发起的一系列协调网络攻击，利用了整个软件供应链的漏洞。这些攻击始于一个在 GitHub 员工设备上的恶意 VS Code 扩展，导致数千个内部代码库被窃取。其他事件包括通过未轮换的令牌泄露 Grafana，一个广泛使用的 GitHub Action 被攻破，以及在公共电子表格中发现敏感凭证，这凸显了供应链风险的普遍性。 AI

排序理由该集群详细描述了一次协调且复杂的供应链攻击，影响了多个知名平台和工具，导致大量数据被窃取，并突显了网络攻击的一个重大转变 [lever_c_demoted from significant: ic=1 ai=0.1]

在 Mastodon — sigmoid.social 阅读 →

其他

AI 生成摘要 · Google Gemini · 来自 1 个来源。我们如何撰写摘要 →

报道来源 [1]

Mastodon — sigmoid.social TIER_1 English(EN) · [email protected] · 2026-05-25 08:45

🕵🏻‍♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked. This week's issue reads like a case study in cascade failure. A malicious VS Code

🕵🏻‍♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked. This week's issue reads like a case study in cascade failure. A malicious VS Code extension on one # GitHub employee's device leads to 3,800 internal repositories exfiltrated — by # TeamPCP , the same …

链接 infosec-mashup.santolaria.net/…/infosec-m… infosec-mashup.santolaria.net

报道来源 [1]

🕵🏻‍♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked. This week's issue reads like a case study in cascade failure. A malicious VS Code

相关实体

相关话题