Breaking 18:15 France seizes 2.5 tonnes of cannabis hidden in container at Le Havre Port 18:00 Ukraine calls for joint probe with Monaco into bombing case targeting Ukrainian businessman 17:45 Morocco’s ADM opens new Harhoura Centre highway exit to improve traffic flow 17:30 XPENG Maroc introduces the new P7+ premium electric sedan 17:15 Ségolène Royal enters French Socialist primary race ahead of 2027 presidential election 17:00 Morocco introduces new biometric passport featuring Amazigh language integration 16:45 Northern China prepares for severe rainfall as Typhoon Bavi approaches 16:30 Turkey seeks swift progress on lifting US sanctions and F-35 fighter jet deal 16:15 IEA chief calls on EU to reassess Arctic drilling policy amid energy security concerns 16:00 Federal Reserve warns inflation accelerated as tariffs, energy costs and AI investment fuel price pressures 15:45 German automakers suffer steep China sales decline as local rivals gain momentum 15:30 Shopify orders merchants to remove vape products from online stores 15:15 UK police open murder investigation into death of former minister Ann Widdecombe 15:13 111SKIN launches at Mazagan Beach & Golf Resort, marking its first Hotel Collaboration in Morocco 15:00 Baker Hughes secures conditional EU approval for $13.6 billion Chart Industries acquisition 14:45 Bank of Canada expected to keep interest rates unchanged as inflation pressures ease 14:30 Trump rejects bipartisan housing affordability bill, protests Senate inaction 14:30 Bad Bunny's Super Bowl LX show sets historic record at the Emmy Awards 14:15 EU set to launch in-depth antitrust review of Saipem-Subsea 7 merger 14:00 Mali says around 100 militants killed during military operations in the country's north 13:45 Brussels hosts international donor conference to strengthen financial support for the Palestinian Authority 13:30 Falcon advances Morocco battery ambitions with new pilot facility 12:45 Spain forest fire in Almería leaves 11 dead and 19 people missing 12:30 SoftBank and PayPay explore investment in seven & i holdings 12:15 Greece announces summer fuel price cuts after government deal with refineries 12:01 Meta faces EU pressure to redesign addictive Instagram and Facebook features 12:00 Ebola outbreak in DR Congo remains highly active as death toll reaches 625 12:00 Casablanca receives 31 new security vehicles as DGSN modernizes emergency police fleet 11:45 Portugal moves to liberalise rental market with faster evictions and end of rent controls 11:34 Shein receives China approval for Hong Kong IPO after failed New York and London plans 11:32 TV Ratings: The France-Morocco quarterfinal sets a record for M6 11:30 Olivier Faure voices disappointment after French socialists reject open primary for 2027 election 11:17 Former French secretary of state Yves Jégo charged over suspected influence peddling case 11:15 Xavier Niel to become Vodafone’s largest shareholder in €5.1 billion investment 11:00 Greece arrests three suspects over deadly firebomb attacks linked to ruling party figures 10:56 France teenager dies during World Cup celebrations after Bleus Victory over Morocco 10:45 France Inter, RTL and France Info lose listeners as music radio gains momentum 10:44 World Cup 2026: Spain and Belgium compete for a semi-final spot against France 10:44 Vienna raises tourist tax to support premium travel experience amid record visitor numbers 10:33 Poland generates first power from Baltic Power, its first offshore wind farm 10:30 Carrefour expands Crypto access in France with Bitcoin, Ethereum and Solana gift cards 10:28 Morocco’s tax authority releases 2026 incentive guide for transport sector 10:21 Bentley Torcal opens a new era for ultra-luxury grand touring 10:15 Bad Bunny and Taylor Swift lead music categories at 2026 Emmy Awards 10:00 Bangladesh’s Sheikh Hasina plans December return despite death sentence 09:45 SK Hynix raises $26.5 billion ahead of landmark Wall Street listing fueled by AI chip demand 09:30 Francofolies 2026 open in extreme heat with Aya Nakamura, Julien Clerc and 150,000 Festivalgoers expected 09:15 ECB faces renewed inflation challenge as US-Iran conflict pushes energy prices higher 09:00 Florida’s Palm Beach International Airport renamed after President Donald Trump 08:45 French Centrists Unite to back a single candidate for the 2027 presidential election 08:30 Peru’s President-elect Keiko Fujimori seeks to restore diplomatic relations with Mexico 08:15 Australia detects H5 Avian Influenza in native seabird for the first time 08:00 North Korea announces expansion of nuclear capabilities and military intelligence 07:45 TikTok tightens crackdown on AI-generated spam accounts to protect users and creators 07:30 Volkswagen rescue plan faces uncertainty after stakeholder talks end without concrete measures 07:15 UNESCO calls for wider debt-for-education swaps to address global school funding crisis 07:00 Bayer secures €3 billion from Apollo in contraceptives business investment deal 21:40 Turkish and Iranian foreign ministers discuss regional developments and ceasefire 21:38 Morocco reaffirms support for Côte d’Ivoire’s development plan through stronger economic partnerships

GitHub internal repositories breached through malicious VS Code extension

Wednesday 20 May 2026 - 13:06
By: Dakir Madiha
GitHub internal repositories breached through malicious VS Code extension

GitHub has confirmed that nearly 3,800 internal repositories were compromised after an employee installed a malicious Visual Studio Code extension, exposing one of the most serious supply chain security incidents to affect a major software development platform in recent years.

The intrusion was claimed by TeamPCP, a hacking group linked to a broader campaign targeting open source ecosystems and developer infrastructure since early 2026. The attackers allegedly placed GitHub’s internal source code up for sale on a cybercrime forum for at least $50,000. Screenshots circulating online showed the group threatening to release the stolen material publicly if no buyer emerged.

GitHub said it detected and contained the breach on Monday after identifying the compromised extension. The company isolated the affected workstation, revoked sensitive credentials, and removed the malicious plugin. According to the company’s preliminary investigation, the attackers gained access only to internal repositories and there is currently no evidence that customer repositories or enterprise data outside GitHub’s internal systems were affected.

The attack vector involved a compromised extension distributed through the Visual Studio Code marketplace. Security researchers believe the malware enabled attackers to steal authentication tokens, SSH keys, cloud credentials, and other sensitive secrets stored on the developer’s machine. Reports linked the incident to recent compromises involving the Nx Console extension, although GitHub did not officially confirm the plugin involved in the intrusion.

The incident forms part of a wider offensive attributed to TeamPCP against software supply chains. Since March 2026, the group has reportedly targeted several development tools and package ecosystems, including projects linked to Aqua Security, Checkmarx, Microsoft, and npm repositories. The campaign relies on self-propagating malware designed to harvest cloud credentials, password vault contents, and SSH keys from infected environments.

Cybersecurity analysts say the breach highlights growing risks tied to third-party development tools and extensions integrated into modern software engineering workflows. The attack also underscores the increasing importance of securing software supply chains as global companies rely heavily on open source ecosystems and cloud-based development infrastructure.


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.