GitHub Confirms Breach, 4K Internal Repos Stolen
Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.
Dark Reading Articles
Updated 3 min ago · 4 articles from Dark Reading
Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
CISA Exposes Secrets, Credentials in 'Private' Repo
The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.