Skip to content
The Nexus
SECURITYMay 22 · 10:30 UTCARS TECHNICAAndy Greenberg and Lily Hay Newman, WIRED.com

A hacker group is poisoning open source code at an unprecedented scale

A hacker group called TeamPCP has breached GitHub through a poisoned VSCode extension installed by a developer, compromising approximately 3,800-4,000 repositories containing GitHub's internal source code. The attack represents an escalation in software supply chain attacks, with TeamPCP now conducting such breaches on a near-weekly basis and extorting victims. The group is attempting to sell GitHub's source code and internal organization data on BreachForums.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this