Tagged articles
5 articles
Black & White Path
May 22, 2026 · Information Security

GitHub Breach Aftermath: Data Sold to LAPSUS$ for $95,000

After TeamPCP posted a $50,000 offer for 4,000 private GitHub repositories, the data was transferred to LAPSUS$, the price doubled to $95,000, and the breach highlighted a supply‑chain attack chain that now threatens infrastructure credentials and prompts urgent self‑audit steps.

GitHub · Information Security · LAPSUS$
9 min read
ITPUB
May 21, 2026 · Information Security

Malicious VS Code Extension Exposes 3,800 GitHub Private Repos, Hacker Sells Code for $50K

On May 20, GitHub disclosed that a compromised VS Code extension installed by an employee allowed the hacker group TeamPCP to steal credentials, clone roughly 3,800 private repositories, and list the source code for a $50,000 auction on the dark web, highlighting a severe software‑supply‑chain threat.

Credential Theft · GitHub · Information Security
8 min read
IT Services Circle
May 21, 2026 · Information Security

Did the GitHub Breach Aim to ‘Fix’ Availability? Inside the TeamPCP Attack

In May 2026 GitHub disclosed that a malicious VS Code extension installed on an employee’s machine led to the theft of roughly 3,800 private repositories by the threat group TeamPCP, which demanded $50K for the data, claimed the breach was about availability, and later expanded the campaign into a supply‑chain worm targeting PyPI packages and cloud credentials.

GitHub · Information Security · Supply Chain Attack
8 min read
Black & White Path
Mar 29, 2026 · Information Security

How Hackers Leveraged AI to Compromise Trivy and LiteLLM – A Supply‑Chain Attack Case Study

An obscure hacker group, TeamPCP, used an AI agent powered by Anthropic’s Claude to trick the open‑source security scanner Trivy into revealing its GitHub credentials, then injected malicious code into Trivy’s updates and subsequently compromised the AI gateway LiteLLM, exposing critical supply‑chain vulnerabilities in popular AI development tools.

AI security · Claude · LiteLLM
5 min read
Shi's AI Notebook
Mar 25, 2026 · Information Security

LiteLLM Compromised in 46 Minutes: Inside the 47,000‑Download Supply‑Chain Attack

In March 2026, attackers hijacked the official PyPI maintainer account of LiteLLM, released two malicious versions that were downloaded 46,996 times in 46 minutes, exfiltrated credentials, launched a fork‑bomb, and demonstrated how unpinned dependencies and .pth files can turn a simple package install into a full‑scale supply‑chain breach.

Kubernetes · LiteLLM · PyPI
12 min read