Submission Summary: 0 pending, 0 declined, 2 accepted (2 total, 100.00% accepted)

Submission: GitHub's Internal Repos breached through employee's use of VS Code Extension (techcrunch.com)

Himmy32 writes: GitHub has announced on X that their internal repositories have been breached through a compromised VS Code Extension on an employee's workstation. Bleeping Computer reported that the attack is linked to TeamPCP, who have been in the news for a recent campaign affecting Checkmarx, Trivy, SAP, TanStack, and Bitwarden. The group appears to be attempting to sell the stolen code on cybercrime forums.

Submission: Bitwarden CLI is the next compromise in supply chain campaign (socket.dev)

Himmy32 writes: Socket Security published an article on the compromise of the Bitwarden CLI client, which was pushed from their Client Repository. This breach was the next in a chain of supply chain attacks which have affected Checkmarx KICS and Aqua Security's Trivy scanners.

The breach was quickly detected and reported on the GitHub repository by JFrog, who provided a technical writeup.

The Bitwarden team has released statements on a blog post indicating that the compromise did not affect vault or customer data. Only 334 downloads of the affected CLI client were downloaded before removal and remediation.
