Read on app Read on app
✕
Prayer Times
  • Morocco
  • Lifestyle
  • Western Sahara
  • Login
Morocco World News
  • Home
  • Culture
  • Politics
  • Society
  • Economy
  • Opinion
  • Education
  • Sustainability
  • Tech
  • Sport
  • GITEX 2026
No Result
View All Result
Morocco World News
  • Home
  • Culture
  • Politics
  • Society
  • Economy
  • Opinion
  • Education
  • Sustainability
  • Tech
  • Sport
  • GITEX 2026
No Result
View All Result
Morocco World News

Home > Headlines > GitHub Breach Linked to TeamPCP Supply Chain Attack Spree

GitHub Breach Linked to TeamPCP Supply Chain Attack Spree

A poisoned VSCode extension opened the door.

Oumaima Moho AmerbyOumaima Moho Amer
May, 21, 2026
0 0
A A
GitHub said Tuesday night that hackers breached the open source code platform through a malicious extension for VSCode, the Microsoft-owned code editor used by many developers.

GitHub said Tuesday night that hackers breached the open source code platform through a malicious extension for VSCode, the Microsoft-owned code editor used by many developers.

Follow the latest news from Morocco World News

Join on WhatsApp Join on Telegram

Casablanca — GitHub said Tuesday night that hackers breached the open source code platform through a malicious extension for VSCode, the Microsoft-owned code editor used by many developers.

The group behind the attack, known as TeamPCP, claimed it accessed around 4,000 GitHub code repositories. GitHub confirmed it found at least 3,800 compromised repositories, saying its current findings show they contained GitHub’s own code and not customer code.

TeamPCP later advertised GitHub source code and internal organizations for sale on BreachForums, a cybercriminal forum and marketplace. The group said it was willing to send samples to interested buyers.

The breach is the latest in a long series of software supply chain attacks linked to TeamPCP. In these attacks, hackers corrupt legitimate software tools by hiding malicious code inside them. Once developers install the poisoned tools, the malware can steal credentials and help the attackers reach more systems.

A fast-growing attack cycle

Cybersecurity firm Socket said TeamPCP has carried out 20 waves of supply chain attacks in recent months. The attacks hid malware in more than 500 separate pieces of software, or well over 1,000 when counting different hijacked versions.

Wiz threat intelligence lead Ben Read said the group has breached hundreds of companies that installed affected software. Victims have included GitHub, OpenAI, Mercor, and others.

Researchers say the group’s method is cyclical. TeamPCP compromises a tool used by developers, plants malware in it, steals credentials from those who install it, and then uses those credentials to poison more developer tools.

Recently, the group appears to have automated parts of the operation with a worm known as Mini Shai-Hulud. The worm creates GitHub repositories containing encrypted stolen credentials and messages referencing Dune.

TeamPCP first emerged in late 2025, exploiting cloud misconfigurations and a vulnerability in Next.js. It used those attacks for credential theft and cryptocurrency mining before expanding into supply chain attacks.

Since March, the group has compromised or targeted tools and platforms, including Trivy, LiteLLM on PyPI, Checkmarx infrastructure, pgserve, TanStack, AntV, and Mistral AI.

The fallout has included breaches affecting the European Commission’s public website, Mercor, two OpenAI employee devices, and other organizations.

Researchers say long-lived credentials have helped the campaign spread. Palo Alto Networks’ Nathaniel Quist advised organizations to rotate GitHub, GitLab, cloud, and other access tokens.

Experts also recommend delaying non-urgent open source updates, checking new packages before deployment, and avoiding automatic updates when possible.

Morocco World News is also on X — check out our latest posts now! Get MWN on iOS and Android for instant access to breaking news.

Tags: Cyber attacksGitHub
TweetShareShareSendShareScan

Recent News

Lamine Yamal has said he does not regret choosing to represent Spain instead of Morocco, despite the anti-Muslim chants

Lamine Yamal: I Do Not Regret Choosing Spain Over Morocco

July 1, 2026
Spain international Lamine Yamal has revealed that he expected Morocco to eliminate the Netherlands from the 2026 FIFA World Cup.

Lamine Yamal: I Bet My Friends Morocco Would Beat Netherlands on Penalties

June 30, 2026
Brazil and Norway will meet in the Round of 16 on Sunday at MetLife Stadium in East Rutherford. It's the first time the two sides

World Cup 2026: Brazil Set to Face Norway in World Cup Round of 16

June 30, 2026
Morocco and the European Investment Bank (EIB) signed financing agreements worth €365 million on Tuesday in Rabat.

Morocco, EIB Sign €365 Million to Strengthen Road, Rail Networks

June 30, 2026
Ronald Koeman has announced his departure as the Netherlands head coach one day after Morocco eliminated the Oranje

Ronald Koeman Resigns as Netherlands Head Coach After Morocco Defeat

June 30, 2026

USEFUL LINKS

  • About
  • Privacy Policy
  • Contact
  • Careers
  • Terms Of Use
  • Cookies Policy

TOPICS

  • Mawazine 2025
  • Environment
  • Politics
  • Lifestyle
  • Sports
  • Western Sahara

REGIONS

  • International
  • Maghreb
  • Middle East
  • Africa

Download our App


Download the Morocco World News app on Google Play for Android

Download the Morocco World News app on the Apple App Store for iPhone and iPad

Copyright 2026 Morocco World News. All rights reserved. Morocco World News is not responsible for the content of external sites.
Read about our approach to external linking.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Login
No Result
View All Result
  • Home
  • Culture
  • Politics
  • Society
  • Economy
  • Opinion
  • Education
  • Sustainability
  • Tech
  • Sport
  • GITEX 2026

Useful Links

  • Prayer Times

Useful Links:

  • Prayer Times

All Right Reserved © 2025 Morocco World News .

Contact us
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?