DigiNews

Summary

GitHub confirms unauthorized access to internal repositories; TeamPCP claims to have exfiltrated data from about 4,000 private repos and is auctioning the data. The attacker group's pattern of abusing CI/CD credentials and privileged access tokens is highlighted, with GitHub investigating and no customer data confirmed to be impacted yet. The piece also notes prior incidents involving CI/CD tools and supply-chain risks, underscoring ongoing threats to software development pipelines.