TeamPCP claims 4,000 GitHub repos after poisoned VSCode plug-in; 3,800 confirmed

Wired reports the group has hidden malware in 500+ open source tools across 20 waves, breaching hundreds of companies and now offering GitHub code for sale.

By ยท Published

Why it matters

Software supply chain compromises now scale from a single poisoned plug-in to hundreds of companies in days. For founders and operators, developer environments are now frontline assets: lock down extensions, rotate and scope credentials, gate publishing rights, and add supply chain scanning and repo segmentation before a worm rides your build system into production.

A corrupted or breached digital code repository, specifically GitHub, infested with hidden malware. (Hand-drawn editorial illustration using watercolor wet-on-wet washes for the corrupted areas, sharp ink line accents for code structures, a

GitHub was breached after a developer installed a poisoned VSCode extension, with attackers claiming access to roughly 4,000 internal repositories and GitHub confirming at least 3,800 compromised repos, according to Wired. The hackers, a group calling itself TeamPCP, advertised GitHub source code and internal orgs for sale on a criminal forum; GitHub said the repos contained its own code, not customer code, per the report.

The GitHub incident is part of what security firm Socket describes as 20 waves of software supply chain attacks hiding malware in more than 500 distinct open source packages, impacting hundreds of organizations, Wired reports. Victims have included OpenAI and Mercor. Ben Read of Wiz told Wired the GitHub breach may be TeamPCP's biggest yet, but is not qualitatively different from a string of recent compromises.

TeamPCP's playbook targets developers themselves: compromise a widely used tool, land on developer machines, steal credentials, then publish malicious versions of more tools to repeat the cycle. Wired reports the group has automated parts of this with a worm dubbed Mini Shai-Hulud that spreads via repos seeded with stolen credentials and Dune references. Philipp Burckhardt of Socket said the crew is chasing exposure and attention.

Per Wired, TeamPCP surfaced in late 2025 abusing cloud misconfigurations and a Next.js flaw to assemble a botnet for credential theft and cryptomining, then leaned into worms and token theft to push deeper into networks.

Reader comments

Conversation for this story loads after sign-in.