VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

GitHub investigates possible exposure of ~4,000 internal repositories

GitHub расследует возможную утечку ~4,000 внутренних репозиториев

Colleagues — a cybersecurity alert: GitHub is investigating unauthorized access after TeamPCP claimed to be selling data from roughly 4,000 internal repositories.

Key points:
- GitHub currently finds no evidence of customer data leaking outside internal repos; infrastructure is under monitoring.
- Separately, the Mini Shai‑Hulud campaign compromised the durabletask PyPI package (v1.4.1–1.4.3), adding a loader and a Linux stealer.
- The stealer exfiltrates cloud credentials, password managers and keys; spreads via SSM and kubectl; may use GitHub commits as fallback C2.

Why it matters: affected versions or leaked secrets can yield full compromise — revoke tokens, scan environments and block the packages.

How will you respond?

#cybersecurity #supplychain #GitHub #PyPI

Latest comments

No comments yet.