GitHub said it is investigating unauthorized access to its internal repositories after TeamPCP listed its source code and internal organizations for sale, while also confirming a compromised employee device tied to a poisoned Visual Studio Code extension. The same threat actor is expanding the Mini Shai-Hulud campaign through the compromised durabletask PyPI package, which delivers a Linux-focused infostealer and worm-like propagation across cloud and developer environments.
Key points
- GitHub is investigating unauthorized access to its internal repositories.
- TeamPCP claimed to be selling GitHub source code and about 4,000 repositories.
- GitHub said it contained an employee-device compromise tied to a poisoned VS Code extension.
- TeamPCP also compromised the durabletask PyPI package in the Mini Shai-Hulud campaign.
- The malicious package steals credentials and can spread across AWS and Kubernetes environments.
Read More: https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html