GitHub Confirms Cyberattack Targeting Thousands of Internal Repositories
ID: 58140ce7-26b3-5294-9e14-cbebce109350
STIX ID: report--58140ce7-26b3-5294-9e14-cbebce109350
Feed Name: The Cyber Express
GitHub confirmed unauthorized access to thousands of internal repositories after a TeamPCP-linked attacker compromised an employee workstation via a malicious VS Code extension. GitHub says there is no evidence that customer repositories were affected, and it rotated credentials while investigating. The report profiles TeamPCP as a cloud-focused criminal operation that uses automated internet-wide scanning to exploit exposed Docker, Kubernetes, Ray, and Redis services to build distributed infrastructure for proxying, hosting C2, extortion, ransomware, and cryptomining.
