GitHub probes TeamPCP claim of 4k internal repo breach

GitHub is investigating a reported breach of its internal infrastructure after the threat actor known as TeamPCP claimed on an underground forum to be selling source code and data from roughly 4,000 of the company’s private repositories. In an initial statement, the Microsoft-owned platform said it is probing unauthorized access to internal repos but currently has no evidence that customer information outside those internal projects has been affected, and no indication that public GitHub.com repositories or services have been altered.

TeamPCP has emerged in 2026 as one of the most aggressive software supply-chain actors, conducting multi-stage compromises against widely trusted developer and security tooling. Researchers at Palo Alto Networks’ Unit 42 report that between late February and March 2026, the group systematically compromised Aqua Security’s Trivy and Checkmarx KICS vulnerability scanners, the LiteLLM AI gateway, and the official Telnyx Python SDK, injecting infostealer payloads into GitHub Actions workflows and PyPI packages to siphon cloud tokens, SSH keys and Kubernetes secrets directly from build pipelines and hosts running the tools, according to their analysis. Unit 42 estimates that TeamPCP may have exfiltrated over 300 GB of data and around 500,000 credentials, and notes the group has publicly aligned itself with the Vect ransomware operation.

Additional technical detail from the Sysdig Threat Research Team shows how TeamPCP leveraged those stolen credentials to expand its reach. In their published report, Sysdig’s investigators describe how, on March 19, 2026, the actor compromised Aqua Security’s Trivy GitHub Action to execute a credential-stealing payload across thousands of CI/CD pipelines, then reused harvested tokens days later to poison an unrelated GitHub Action for Checkmarx AST with an identical infostealer that exfiltrated secrets to a typosquatted domain. That pattern of pivoting from one trusted integration to another using stolen CI/CD access is central to concerns about how a breach of GitHub’s own internal repos could play out.

GitHub has not disclosed how the alleged access to its internal repositories may have occurred, and there is no public evidence so far that connects this incident directly to the earlier Trivy, KICS, LiteLLM or Telnyx compromises. However, given TeamPCP’s demonstrated ability to harvest and weaponize access tokens from developer tooling, investigators will be scrutinizing whether any GitHub employee or service credentials were exposed via prior supply-chain attacks. As of now, no related CVE identifier or detailed advisory has been published for the GitHub incident, and no independent third party has verified the authenticity or completeness of the data TeamPCP claims to be selling.

Even if the breach were limited to GitHub’s internal repositories, the stakes are high. Source code for proprietary platform components, internal services, and security tooling can reveal implementation details, threat models, and sometimes embedded secrets that attackers can use to identify new vulnerabilities or craft highly targeted phishing and social-engineering campaigns against GitHub staff and customers. The forum listing’s reference to “internal organizations” suggests the data set could include internal project structures and configuration, which would give adversaries a detailed map of GitHub’s environment and potentially inform future intrusion attempts, even if no direct customer data is present in the leaked code.

Until GitHub publishes a full incident report, security teams that rely on the platform are treating the claims with caution and focusing on hardening their own use of GitHub. Independent researchers, including those at Unit 42 and Sysdig, have already urged organizations targeted in earlier TeamPCP operations to rotate all secrets accessible from CI runners, audit GitHub Actions workflows for unusual scripts and outbound connections, and pin Actions to specific commit SHAs rather than floating tags to limit supply-chain blast radius. Those same principles apply here: enterprises are advised to review and rotate GitHub personal access tokens and OAuth app credentials used in CI/CD, enforce multi-factor authentication and least-privilege access on GitHub organizations, and monitor for anomalous activity in repositories and Actions runs while awaiting further guidance from GitHub and, potentially, government advisories.
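The pinning advice above can be checked mechanically. The following is an added example, not code from GitHub, Unit 42 or Sysdig: a standard-library Python audit that flags every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA (or, for `docker://` actions, to a sha256 digest). The action names, the SHA and the sample workflow are constructed for illustration.

```python
import re

# Matches a `uses:` step or reusable-workflow reference; tolerates "- uses:" and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")

def classify(ref):
    """Return 'local', 'pinned' or 'floating' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # action taken from the same repository checkout
    if ref.startswith("docker://"):
        # Container actions are immutable only when referenced by digest.
        return "pinned" if DIGEST.fullmatch(ref.rpartition("@")[2]) else "floating"
    _, at, version = ref.rpartition("@")
    # Tags, branches and abbreviated SHAs can all be repointed or collide.
    return "pinned" if at and FULL_SHA.fullmatch(version) else "floating"

def audit(workflow_text):
    """Return (line_number, ref) for every reference that is not pinned."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "floating":
            findings.append((lineno, m.group(1)))
    return findings

# Constructed sample workflow; the action names and SHA are made up.
SAMPLE = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-action@v4
      - uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local-build
      - name: lint
        uses: example-org/lint-action@main
      - uses: docker://example.invalid/tool:latest
      - uses: example-org/short-sha@0123456
"""

if __name__ == "__main__":
    for lineno, ref in audit(SAMPLE):
        print(f"line {lineno}: not pinned to a full commit SHA: {ref}")
```

Run over each file in `.github/workflows/`, a non-empty result is a reasonable condition for failing a pre-merge check.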
