Casablanca — GitHub said Tuesday night that hackers breached the open source code platform through a malicious extension for VSCode, the Microsoft-owned code editor used by many developers.
The group behind the attack, known as TeamPCP, claimed it accessed around 4,000 GitHub code repositories. GitHub confirmed it found at least 3,800 compromised repositories, saying its current findings show they contained GitHub’s own code and not customer code.
TeamPCP later advertised GitHub source code and internal organizations for sale on BreachForums, a cybercriminal forum and marketplace. The group said it was willing to send samples to interested buyers.
The breach is the latest in a long series of software supply chain attacks linked to TeamPCP. In these attacks, hackers corrupt legitimate software tools by hiding malicious code inside them. Once developers install the poisoned tools, the malware can steal credentials and help the attackers reach more systems.
A fast-growing attack cycle
Cybersecurity firm Socket said TeamPCP has carried out 20 waves of supply chain attacks in recent months. The attacks hid malware in more than 500 separate pieces of software, or well over 1,000 when counting different hijacked versions.
Wiz threat intelligence lead Ben Read said the group has breached hundreds of companies that installed affected software. Victims have included GitHub, OpenAI, Mercor, and others.
Researchers say the group’s method is cyclical. TeamPCP compromises a tool used by developers, plants malware in it, steals credentials from those who install it, and then uses those credentials to poison more developer tools.
Recently, the group appears to have automated parts of the operation with a worm known as Mini Shai-Hulud. The worm creates GitHub repositories containing encrypted stolen credentials and messages referencing Dune.
TeamPCP first emerged in late 2025, exploiting cloud misconfigurations and a vulnerability in Next.js. It used those attacks for credential theft and cryptocurrency mining before expanding into supply chain attacks.
Since March, the group has compromised or targeted tools and platforms, including Trivy, LiteLLM on PyPI, Checkmarx infrastructure, pgserve, TanStack, AntV, and Mistral AI.
The fallout has included breaches affecting the European Commission’s public website, Mercor, two OpenAI employee devices, and other organizations.
Researchers say long-lived credentials have helped the campaign spread. Palo Alto Networks’ Nathaniel Quist advised organizations to rotate GitHub, GitLab, cloud, and other access tokens.
Experts also recommend delaying non-urgent open source updates, checking new packages before deployment, and avoiding automatic updates when possible.
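One way to put the "delay non-urgent updates" advice into practice, as an added example that is not from the article or any of the firms it quotes: a dependency cooldown check that reads an npm-style lockfile and holds back any pinned version published within the last N days (or missing from the registry data) for manual review instead of deploying it automatically. The package names, publish dates and lockfile excerpt are constructed sample data; a real check would pull publish timestamps from the registry's metadata API.

```python
"""Dependency cooldown check: flag lockfile entries whose pinned version is
younger than N days, so a freshly hijacked release waits for review."""
import json
from datetime import datetime, timedelta, timezone

# Constructed registry snapshot: package -> version -> publish time (UTC).
# A real check would fetch this from the registry's metadata API.
REGISTRY_SNAPSHOT = {
    "example-logger": {"1.4.2": "2025-11-03T10:00:00Z",
                       "1.4.3": "2026-04-20T08:15:00Z"},
    "example-http": {"3.0.0": "2025-06-12T00:00:00Z"},
    "example-cli": {"0.9.1": "2026-04-21T22:40:00Z"},
}

# Constructed package-lock.json (lockfileVersion 3 layout) excerpt.
LOCKFILE = json.dumps({"packages": {
    "node_modules/example-logger": {"version": "1.4.3"},
    "node_modules/example-http": {"version": "3.0.0"},
    "node_modules/example-cli": {"version": "0.9.1"},
}})

def parse_ts(ts):
    """Parse an ISO 8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def locked_versions(lockfile_text):
    """Yield (name, version) pairs from a v3 lockfile's 'packages' map."""
    for path, entry in json.loads(lockfile_text).get("packages", {}).items():
        if path.startswith("node_modules/"):  # skips the root project entry ""
            yield path.rsplit("node_modules/", 1)[1], entry["version"]

def cooldown_violations(lockfile_text, registry, now, min_age_days=7):
    """Return (name, version, reason) for entries that fail the cooldown."""
    cutoff = now - timedelta(days=min_age_days)
    findings = []
    for name, version in locked_versions(lockfile_text):
        published = registry.get(name, {}).get(version)
        if published is None:  # unknown version: never deploy unreviewed
            findings.append((name, version, "not found in registry snapshot"))
        elif parse_ts(published) > cutoff:
            age = (now - parse_ts(published)).days
            findings.append((name, version, f"published {age} day(s) ago"))
    return findings

def check_sample(min_age_days=7):
    """Run the check over the constructed data with a fixed, reproducible 'now'."""
    now = datetime(2026, 4, 23, tzinfo=timezone.utc)
    return cooldown_violations(LOCKFILE, REGISTRY_SNAPSHOT, now, min_age_days)

if __name__ == "__main__":
    for name, version, reason in check_sample():
        print(f"HOLD {name}@{version}: {reason}")
```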