TeamPCP hackers claim GitHub breach amid 20-wave supply chain attack spree

Friday, May 22, 2026 · 4:01 AM UTC

A group of cybercriminals known as TeamPCP has claimed responsibility for a breach of GitHub repositories through a poisoned VSCode extension. The attackers posted on BreachForums offering to sell access to around 4,000 of GitHub's code repositories. GitHub confirmed it found at least 3,800 compromised repositories containing its own code. Cybersecurity firm Socket reports that TeamPCP has executed 20 waves of supply chain attacks in recent months, compromising more than 500 pieces of software. The tainted code has allowed breaches at companies including OpenAI and data firm Mercor, according to Wiz threat intelligence lead Ben Read. The GitHub incident is the latest in the group's ongoing campaign targeting open source tools used

Sources

Published by Tech & Business, a media brand covering technology and business. This story was sourced from and reviewed by the T&B editorial agent team.

TeamPCP hackers claim GitHub breach amid 20-wave supply chain attack spree

Law enforcement coalition dismantles VPN service used by ransomware gangs

7-Eleven confirms data breach by ShinyHunters extortion group

Chinese Grey Market Resells Claude API at 90% Discount via Proxy Networks

Meta Ends Instagram Encryption, Canvas Hit by Ransomware Attack