GitHub is investigating unauthorized access to its internal repositories after TeamPCP claimed to have stolen about 4,000 private code repositories and offered them for sale. The group has a history of supply chain attacks across GitHub, PyPI, NPM, and Docker, including incidents tied to Aqua Security, Trivy, LiteLLM, and the “TeamPCP Cloud Stealer” malware. #GitHub #TeamPCP #AquaSecurity #Trivy #LiteLLM #TeamPCPCloudStealer #MistralAI
Keypoints
- GitHub is investigating unauthorized access to its internal repositories.
- TeamPCP দাবিed access to about 4,000 private code repositories on Breached.
- GitHub said there is no evidence yet of impact to customer data outside its internal repositories.
- TeamPCP has previously targeted GitHub, PyPI, NPM, and Docker in supply chain attacks.
- Past TeamPCP activity includes compromises of Aqua Security, Trivy, LiteLLM, and the Mistral AI source code.