惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
The Hacker News
The Hacker News
H
Heimdal Security Blog
W
WeLiveSecurity
L
LINUX DO - 热门话题
Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
The Last Watchdog
The Last Watchdog
Hugging Face - Blog
Hugging Face - Blog
博客园 - 【当耐特】
D
DataBreaches.Net
I
Intezer
Webroot Blog
Webroot Blog
C
Cisco Blogs
AWS News Blog
AWS News Blog
博客园 - 聂微东
T
The Blog of Author Tim Ferriss
V
Vulnerabilities – Threatpost
罗磊的独立博客
Google DeepMind News
Google DeepMind News
N
Netflix TechBlog - Medium
Schneier on Security
Schneier on Security
宝玉的分享
宝玉的分享
博客园 - 叶小钗
PCI Perspectives
PCI Perspectives
D
Docker
Scott Helme
Scott Helme
NISL@THU
NISL@THU
J
Java Code Geeks
B
Blog RSS Feed
Google Online Security Blog
Google Online Security Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Exploit Database - CXSecurity.com
AI
AI
美团技术团队
Cloudbric
Cloudbric
月光博客
月光博客
P
Proofpoint News Feed
T
Tailwind CSS Blog
Google DeepMind News
Google DeepMind News
小众软件
小众软件
www.infosecurity-magazine.com
www.infosecurity-magazine.com
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

SiliconANGLE

Will agentic AI governance run amok? The lesson of Asimov’s Three Laws - SiliconANGLE AI + quantum, Amazon vs. Starlink and the wide-open US-China internet battle - SiliconANGLE Team Cymru launches Total Insights Feed to replace legacy threat intelligence lists - SiliconANGLE AI Mode in Chrome adds split-screen view to enhance the web search experience - SiliconANGLE Resolve AI raises $40M at $1.5B valuation to optimize production environments - SiliconANGLE How Zscaler and OpenAI turn zero-trust security into an AI accelerator - SiliconANGLE OpenAI ratchets up Codex's agentic capabilities to rival Claude Code - SiliconANGLE Anthropic launches Claude Opus 4.7 with coding, visual reasoning improvements - SiliconANGLE Slash raises $100M at a $1.4B valuation to expand AI-powered banking platform for online businesses - SiliconANGLE Canva unveils Canva AI 2.0, recasting its platform as an agentic system for work - SiliconANGLE Data center, consumer device chips boost TSMC’s revenue - SiliconANGLE Mission-critical security cannot be bolted on, says Oracle - SiliconANGLE Agentic infrastructure reshapes enterprise AI - SiliconANGLE Data quality, and data freedom, foundational for AI success - SiliconANGLE Data trust is a bedrock in successful, scalable AI outcomes - SiliconANGLE Google introduces new agentic AI-ready tools and resources for Android developers  - SiliconANGLE Agentic AI orchestration separates winners from laggards - SiliconANGLE Data-driven tools turning the tide against human trafficking - SiliconANGLE Achieving trusted AI development goes beyond 'vibes' - SiliconANGLE Impinj boosts edge computing power in updated R700 RAIN RFID reader - SiliconANGLE Certinia powers professional services with AI - SiliconANGLE Antioch prepares to accelerate simulated testing for autonomous robots after raising $8.5M - SiliconANGLE Developer tooling startup Expo nabs $45M investment - SiliconANGLE Solidroad lands $25M to bring AI to customer support interactions - SiliconANGLE DuploCloud lands compliance and AI governance certifications as enterprise buyers tighten scrutiny - SiliconANGLE Lua lands $5.8M to help businesses build and manage AI agent workforces - SiliconANGLE Best of frenemies: Oracle's and AWS' clouds unite with dedicated, private connectivity - SiliconANGLE NIST shifts National Vulnerability Database to risk-based triage as CVE submissions hit record levels - SiliconANGLE Cisco goes to the races with new Churchill Downs multiyear partnership - SiliconANGLE Susecon 2026 will tackle the future of open-source platforms - SiliconANGLE Seriously? Footwear brand Allbirds says it has just transformed into an AI business - SiliconANGLE Hilbert nabs $28M to ease analytics projects for consumer-focused companies - SiliconANGLE Qlik debuts new agentic capabilities, aiming to enhance AI trust and transparency - SiliconANGLE Google's Gemini 3.1 Flash TTS model offers unparalleled control over AI voices - SiliconANGLE Parasail raises $32M for its pay-per-token inference cloud - SiliconANGLE Distributed multicloud architectures reshape data - SiliconANGLE Scaling the AI factory through conversational analytics - SiliconANGLE AI-driven decision-making reshapes analytics - SiliconANGLE Artemis reels in $70M to make breach remediation more efficient with AI - SiliconANGLE Cloud infrastructure: Google Cloud growth drives market - SiliconANGLE Trusted data foundation is a gating factor for enterprise AI - SiliconANGLE Redefining database infrastructure with Oracle AI database - SiliconANGLE Oracle makes database key for agentic AI development - SiliconANGLE Oracle bets on AI database convergence for agentic AI - SiliconANGLE Quantum technologies drive EU strategy for hybrid computing - SiliconANGLE Hybrid quantum-HPC computing reshapes infrastructure - SiliconANGLE Quantum computing meets HPC in hybrid models - SiliconANGLE Quantum-HPC integration enters 'software moment' - SiliconANGLE DeepMind launches Gemini Robotics-ER 1.6 to meet precise physical AI demands  - SiliconANGLE GrowthLoop targets real-time, causal decisioning with AI-infused marketing platform - SiliconANGLE Stendr snags $5.4M in pre-seed funding to develop AI-native drone-tracking tech - SiliconANGLE Salesforce bets on conversation as the new interface for developers - SiliconANGLE Emergent launches Wingman: a personal AI agent for everyone  - SiliconANGLE Axonius targets remediation gap with AI, cyber-physical assets and data trust layer - SiliconANGLE Capsule Security launches with $7M to secure AI agents at runtime - SiliconANGLE Leapwork hands off code validation to AI agents to keep pace with automated software development - SiliconANGLE SolarWinds accelerates observability with SW1, an 'agentic AI teammate' that automates IT firefighting - SiliconANGLE AI satellite constellation startup Orbital gets funded by a16z to verify space-based data center concept - SiliconANGLE Helical raises $10M to bridge the gap between foundation models and drug discovery decisions - SiliconANGLE Sectigo launches Private PQC to enable post-quantum certificate testing in existing workflows - SiliconANGLE German startup Synera lands $40M to automate engineering workflows with AI agents - SiliconANGLE Leadership shifts redefine enterprise AI - SiliconANGLE OpenAI partners with Novo Nordisk to accelerate drug discovery and delivery - SiliconANGLE Amazon debuts high-speed satellite internet antenna for commercial aircraft - SiliconANGLE Japanese tech giants launch joint venture targeting physical AI for robots and machines - SiliconANGLE Electric pickup truck startup Slate Auto raises $650M in funding - SiliconANGLE Zoom Perspectives: Why 'agentic' work is the new enterprise standard - SiliconANGLE China has erased the US lead in AI, Stanford HAI's 2026 AI index reveals - SiliconANGLE Cloudflare expands Agent Cloud with new tools to build and scale AI agents - SiliconANGLE Commvault rolls out AI capabilities to secure agentic workflows and data - SiliconANGLE Digital employees are here: What now? - SiliconANGLE Report: Cisco could acquire AI agent security startup Astrix Security for $250M+ - SiliconANGLE CoreWeave inks multiyear cloud deal with Anthropic - SiliconANGLE Agentic AI will force a rethink at the network edge - SiliconANGLE AI training data startup AfterQuery nabs $30M investment - SiliconANGLE Quantum computing market picks up steam - SiliconANGLE Healthcare IT under siege: CloudWave is fighting back - SiliconANGLE Cloud rebalancing gives service providers a new edge - SiliconANGLE Anthropic tries to keep its new AI model away from cyberattackers as enterprises look to tame AI chaos - SiliconANGLE Nutanix expands agentic AI infrastructure for neoclouds - SiliconANGLE Meta says it will spend an additional $21B on CoreWeave's AI infrastructure - SiliconANGLE Florida AG opens probe into ChatGPT alleging connection to FSU shooting - SiliconANGLE Cisco buys Galileo to strengthen Splunk's agentic monitoring capabilities - SiliconANGLE RISC-V chip design startup SiFive nabs $400M investment - SiliconANGLE Anthropic and OpenAI target big businesses with enterprise-grade controls and lower pricing - SiliconANGLE Intel inks multiyear data center chip partnership with Google - SiliconANGLE Apiiro launches command-line interface to bring AI-native security into software development workflows - SiliconANGLE Yobi teams with Microsoft to deliver predictive consumer intelligence on Azure - SiliconANGLE Amazon CEO Andy Jassy highlights AI growth in annual shareholder letter - SiliconANGLE Is a backlash brewing? Rapid innovation in AI coding and agents may force push for enterprise order and control - SiliconANGLE AI-driven guest experience reshapes hospitality IT strategy - SiliconANGLE Tether launches open-source on-device AI framework for developers - SiliconANGLE Database lifecycle management top priority in enterprise AI - SiliconANGLE AWS previews a cloud-agnostic registry for managing agentic fleets at scale - SiliconANGLE Nutanix bets on agentic AI governance - SiliconANGLE AI infrastructure modernization drives storage rethink - SiliconANGLE Haast raises $12M to help legal teams make haste with compliant AI-generated content - SiliconANGLE Blaize launches AI Services platform to move enterprise AI from pilot to production - SiliconANGLE Wasabi to acquire Seagate's Lyve Cloud business - SiliconANGLE Refiant raises $5M to refine AI models with 'nature-inspired' energy efficiency - SiliconANGLE
GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE
Duncan Riley · 2026-05-21 · via SiliconANGLE

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub Inc. has confirmed that hackers exfiltrated roughly 3,800 of its internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform disclosed late Tuesday.

The breach was detected on May 19 and traced to a malicious extension that GitHub’s security team found on the employee’s device. GitHub said the compromise has been contained and that customer data and code stored on the platform were not affected.

“We removed the malicious extension version, isolated the endpoint and began incident response immediately,” GitHub said in a series of posts on X. “Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first.”

GitHub has not named the extension or said how it reached the employee’s device. A fuller post-incident report is promised once the investigation wraps.

The hacking group TeamPCP claimed the breach on the Breached cybercrime forum, posting GitHub’s source code and what it said was about 4,000 private repositories for sale at a starting price of $50,000. TeamPCP said it would sell only to a single buyer and would dump the data publicly if no offer came in. GitHub put the real number closer to 3,800 but said TeamPCP’s claim was “directionally consistent” with what its own investigation had found.

TeamPCP has spent much of 2026 hitting developer ecosystems. Campaigns tied to the group have compromised Aqua Security’s Trivy vulnerability scanner, Checkmarx Inc.’s KICS infrastructure-as-code analyzer, the LiteLLM Python client and Telnyx LLC’s official software development kit, with downstream victims including the European Commission. The group has also used typosquatting on the Python Package Index and, according to security researchers, formed working partnerships with extortion and ransomware operators including Lapsus$ and the Vect ransomware group.

GitHub hosts code for more than 100 million developers, which makes its own source code a prize for attackers looking for footholds across the wider software industry. Visual Studio Code extensions, meanwhile, have become a recurring problem. Researchers have flagged trojanized listings on the marketplace used to harvest credentials, mine cryptocurrency and exfiltrate data, with some racking up large install counts before being pulled.

Part of the problem is design. Visual Studio Code extensions run with broad permissions on developer machines and sit alongside source code, credentials and build pipelines, which puts them in a position most endpoint security tools cannot see into.

Discussing the news, Morey Haber, chief security advisor at privileged access security firm BeyondTrust Corp., told SiliconANGLE via email that the breach is a reminder that developer environments now carry the same strategic value as core enterprise infrastructure.

“Developer workstations now possess the same strategic value as domain controllers, and access to source code repositories, secrets, SSH keys, cloud credentials, signing certificates and deployment pipelines can transform a single compromised endpoint into a cascading supply chain incident,” Haber said. “TeamPCP appears to have understood this attack path, and their recent activity demonstrates a systematic focus on poisoning trusted developer ecosystems rather than directly attacking hardened infrastructure.”

Agnidipta Sarkar, chief evangelist at zero trust microsegmentation provider ColorTokens Inc., noted that the bigger concern may be what attackers can do with GitHub’s own platform code rather than what they took from the repositories themselves.

“Attackers now have access to GitHub’s own platform code, Actions runners, authentication flows, secret scanning, Copilot backend and more and that is enough knowledge to launch zero-days, convincing phishing or bypasses that affect users later, even if customer repos were not touched,” Sarkar said. “Security teams should treat GitHub as potentially compromised upstream, inventory all GitHub connections and rotate or reset all auth and access, especially API keys and immediately move to cryptographic passwordless identities.”

Image: GitHub

A message from John Furrier, co-founder of SiliconANGLE:

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

  • 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
  • 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.

About SiliconANGLE Media

SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.