Morning Overview on MSN

The GitHub break-in began on one developer’s laptop and a poisoned coding add-on — then spread to the keys guarding code inside thousands of companies

Sometime in early 2026, a software developer did what millions of programmers do every week: updated a dependency. The ...
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

Hackers breach GitHub and access 3,800 internal repositories now listed for sale

GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...
Security Boulevard

Grafana Labs Refuses to Pay Ransom After Codebase Theft

What happened Grafana Labs confirmed over the weekend that an unauthorized party obtained a GitHub access token and used it to download the company’s codebase. The extortion group CoinbaseCartel ...

Grafana says stolen GitHub token let hackers steal codebase

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen ...