GitHub confirms breach — thousands of internal repositories hit

TeamPCP continues its attack on open source projects, now apparently asking for $50,000.
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

US agency warns of supply chain threats to DevOps and cloud tools

CISA warns that GitHub repos are being abused via a malicious Nx Console Visual Studio Code extension.