GitHub is investigating unauthorized access to its internal repositories after TeamPCP claimed to have accessed approximately 4,000 repositories containing private code. The claim follows the group's history of supply chain attacks on GitHub, PyPI, NPM, Docker and other platforms including the recent Trivy and LiteLLM compromises.

GitHub is looking into claims by the TeamPCP hacking collective that it gained entry to roughly 4,000 of the company’s private internal code repositories.
The firm’s cloud-based development service supports more than 4 million organizations, including 90% of the Fortune 100, along with over 180 million developers who help maintain more than 420 million repositories.
As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free.
GitHub told BleepingComputer it has “no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories)” while it continues to watch its infrastructure for any further suspicious activity. The company added that any customers found to be affected will receive notifications through its standard incident-response procedures.
On the Breached forum Tuesday, TeamPCP posted that it had obtained “Github’s source code and internal orgs” and demanded payment of at least $50,000. The group stated, “No low ball offers will be accepted, everything for the main platform is there and I very am happy to send samples to interested buyers to verify the absolute authenticity. There is a total of around ~4,000 repos of private code here.”
TeamPCP continued, “As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free. If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it.”
The Trivy breach also affected the LiteLLM open-source Python library in an attack that infected tens of thousands of devices with its "TeamPCP Cloud Stealer" information-stealing malware.
The collective has been tied to earlier supply-chain intrusions aimed at several major developer platforms such as GitHub, PyPI, NPM, and Docker. In March it breached Aqua Security’s Trivy vulnerability scanner; that incident is thought to have triggered follow-on compromises of Aqua Security Docker images and the Checkmarx KICS project.
The same Trivy compromise also hit the LiteLLM open-source Python library, delivering the group’s “TeamPCP Cloud Stealer” information-stealing malware to tens of thousands of devices. More recently TeamPCP was connected to the “Mini Shai-Hulud” supply-chain operation, which reached devices belonging to two OpenAI employees, and it threatened to publish Mistral AI source code obtained through stolen CI/CD credentials.
Update May 20, 04:17 EDT: GitHub has now confirmed the breach of ~3,800 internal repositories after an employee installed a malicious VS Code extension.
Expert Take: Cloud administrators should audit CI/CD credentials and scanner tool integrity across their supply chains to limit exposure to repeated TeamPCP-style attacks.
Tap a lens to see what this story means for you.
Reader-supported · Daily Brief
Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.
See what’s happening right now
The Feed runs all day — short, verified briefs the moment they break.
Open the FeedFollow @thecircuitry_
Every story we publish, as it happens. No noise between.
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.
Progress Software has begun contacting organizations that run Storage Zone Controllers for its ShareFile platform, directing them to turn off the associated Windows servers at once because of what the firm calls a "credible external security threat" aimed at the on-premises component. Cloud access has been blocked as a precaution while the company and outside experts investigate.
China enacted a temporary helium export ban on July 10, 2026 to safeguard domestic supplies amid ongoing Middle East supply risks. The step highlights concerns over prolonged global shortages of the irreplaceable gas used in chipmaking and medical imaging.
Attackers are exploiting CVE-2026-20896 in Gitea’s official Docker image to impersonate any user via a single trusted header. The critical flaw affects default configurations of instances up to version 1.26.2, prompting urgent upgrades to 1.26.4 and log reviews.