GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

TeamPCP, a cybercriminal group, has carried out over 20 waves of software supply chain attacks in recent months, hiding malware in more than 500 open source packages. Their latest target is GitHub, where a developer installed a malicious VSCode extension, giving attackers access to approximately 3,800 internal code repositories. GitHub confirmed the breach but stated only its own code was affected, not customer data. TeamPCP is now advertising the stolen source code for sale on BreachForums. Cybersecurity firm Socket has been tracking the group's unprecedented attack spree.

A hacker group is poisoning open source code at an unprecedented scale

How The Callisto Protocol's Team Designed Its Terrifying, Immersive Audio