Cyber Web Spider Blog – News

GitHub Probes Alleged Security Breach by TeamPCP


Posted on May 20, 2026 By CWS

GitHub is investigating a potential security breach after the notorious cybercrime group TeamPCP claimed to have accessed the platform’s internal repositories. The claim surfaced when TeamPCP advertised GitHub’s source code and internal data for sale on a dark web forum.

TeamPCP’s Involvement in the Security Breach

According to the Microsoft-owned company, the incident has not affected customer data stored outside GitHub’s internal systems. GitHub is nonetheless monitoring its infrastructure for any subsequent unauthorized activity, and customers will be promptly informed through official channels if any impact on their data is detected.

TeamPCP, already known for targeting open-source software with supply chain attacks, is allegedly demanding $50,000 for the data. The breach reportedly affects approximately 4,000 repositories. The group has stated that they are not interested in extortion, promising to delete the data if a buyer is found, or leak it for free otherwise.

Expansion of TeamPCP’s Malware Campaign

This breach comes amid TeamPCP’s ongoing malware operations, notably the Mini Shai-Hulud campaign, which has recently compromised the durabletask PyPI package. The package is an official Python client for Microsoft’s Durable Task framework, and the attack has resulted in three malicious versions: 1.4.1, 1.4.2, and 1.4.3.

The malware uses a dropper to deploy a second-stage payload from an external domain. This payload is an advanced infostealer targeting credentials from cloud providers, password managers, and developer tools, which are then sent to a domain controlled by the attackers. The malware is specifically designed to affect Linux systems.

Widespread Impact and Propagation Techniques

According to SafeDep, the malicious code can extract sensitive data, including HashiCorp Vault secrets and password vaults from platforms like 1Password and Bitwarden. It can also access SSH keys and Docker credentials. The worm has mechanisms to spread within AWS and Kubernetes environments, utilizing SSM and kubectl exec, respectively.

The malware employs a unique FIRESCALE mechanism to find backup command-and-control servers if the primary domain becomes unreachable. This technique involves scanning GitHub’s public commit messages for specific patterns to extract the necessary information.

The widespread use of the durabletask package, downloaded approximately 417,000 times monthly, means that many systems could be affected. Any system that has imported an infected version should be considered compromised, as the malware operates silently without any error messages or obvious indicators.
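A defender's check for the three durabletask versions named above, as an added example that is not from the original article or from SafeDep: it flags pins in requirements-style and TOML lock files and reports whether the current environment has one installed. The sample file contents and the `[extra]` name are constructed for illustration.

```python
import re
from importlib import metadata

PACKAGE = "durabletask"
BAD_VERSIONS = {"1.4.1", "1.4.2", "1.4.3"}  # versions named in the article
# "name[extras]==version" as written in requirements.txt / pip freeze output
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*===?\s*([^\s;#\\]+)")
# name = "..." / version = "..." pairs as written in poetry.lock or uv.lock
TOML_RE = re.compile(r'^\s*(name|version)\s*=\s*"([^"]+)"')

def normalize(name):
    """PEP 503 normalization, so 'DurableTask' compares equal to 'durabletask'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_bad_pins(text):
    """Return [(line_number, version)] for every pin of PACKAGE to a bad version."""
    hits, current = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        pin = PIN_RE.match(line)
        if pin:
            if normalize(pin.group(1)) == PACKAGE and pin.group(2) in BAD_VERSIONS:
                hits.append((lineno, pin.group(2)))
            continue
        kv = TOML_RE.match(line)
        if kv and kv.group(1) == "name":
            current = normalize(kv.group(2))  # entering a new lock entry
        elif kv and current == PACKAGE and kv.group(2) in BAD_VERSIONS:
            hits.append((lineno, kv.group(2)))
    return hits

def installed_bad_version():
    """Return the installed version if it is one of the bad ones, else None."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return version if version in BAD_VERSIONS else None

# Constructed sample inputs (not from a real project; "[extra]" is hypothetical)
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
DurableTask[extra]==1.4.2 ; python_version >= "3.9"
durabletask==1.4.0
"""
SAMPLE_LOCK = '[[package]]\nname = "durabletask"\nversion = "1.4.3"\n'

if __name__ == "__main__":
    print(find_bad_pins(SAMPLE_REQUIREMENTS), find_bad_pins(SAMPLE_LOCK))
    print("installed:", installed_bad_version())
```

A clean result covers only the files and environment scanned; per the article, a host that imported an infected version at any point should still be treated as compromised.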

The situation highlights the ongoing threat of cyber attacks on software supply chains and the importance of robust security measures to protect internal and customer data.

The Hacker News. Tags: cloud providers, cloud security, Cybercrime, Cybersecurity, data breach, GitHub, InfoStealer, malicious packages, Malware, Open Source, repository security, software supply chain, TeamPCP, threat actor
