— Border Cyber Group
May 20, 2026 | 8 Items
TeamPCP walked out of GitHub with 3,800 internal repos through a single employee's VS Code install
GitHub confirmed UNC6780 (TeamPCP) exfiltrated approximately 3,800 internal repositories after one developer installed a poisoned VS Code extension — attack surface doesn't get more mundane than that. This isn't a one-off: TeamPCP has been running an escalating, methodical supply chain campaign since at least early 2026, working through Trivy, Checkmarx, Bitwarden CLI, TanStack, LiteLLM, and hitting the European Commission downstream. They're now selling the GitHub haul on criminal forums at $50K. GitHub says no customer data touched — but the exposure window between initial compromise and detection is still unknown, and "no customer data" is doing a lot of work in that statement. The question nobody is asking loudly enough: GitHub's internal codebase is now in adversarial hands. That codebase includes security tooling, authentication systems, and potentially the infrastructure that signs or validates things a lot of people trust implicitly. The integrity question here runs much deeper than "were customer repos exposed."
Watch for: Any anomalous behavior in GitHub's own security features — signature validation, secret scanning, advisory tooling — over the next 30–60 days. Also watch whether the $50K listing moves; a buyer signals a second-order exploitation intent.
Source texture: Listing confirmed circulating on criminal forums; UNC6780 tracking is public via Google Threat Intelligence. The Shai-Hulud worm connection is worth pulling — suggests the group has lateral movement tooling built for developer environments specifically.
Grafana refused to pay CoinbaseCartel. Canary tokens lit up. They disclosed same day.
Grafana Labs had its entire private codebase stolen via a GitHub Actions "Pwn Request" misconfiguration — a token theft attack that's not exotic, not new, and embarrassingly common across organizations that treat Actions permissions as an afterthought. CoinbaseCartel sent the ransom demand. Grafana's security team said no, disclosed immediately, and the canary tokens they'd seeded in the repo confirmed exactly when and where exfiltration occurred. That's a mature incident response posture and worth noting as a template. CoinbaseCartel is assessed as a data-extortion arm of the broader The Com ecosystem — ShinyHunters/Scattered Spider/Lapsus$ lineage — operating without encryption, which makes them harder to track through the usual ransomware telemetry. 170+ victims since September 2025 is a significant operational tempo. The "behind on many leaks" claim from the group is the real tell: there is an unpublished victim backlog. Reporters and researchers should be working that list.
Watch for: The "shinysp1d3r" in-memory ESXi encryptor — if CoinbaseCartel pivots from pure extortion to destructive capability, the threat profile changes sharply. Also: two major GitHub infrastructure compromises in the same 72-hour window (this and TeamPCP) is not coincidence — assess whether these groups are coordinating, competing for the same access, or both working from a shared intelligence picture about GitHub's internal security posture.
Source texture: Grafana's public disclosure is unusually detailed and worth reading in full. The Com ecosystem relationships are well-documented through prior law enforcement filings.
Drupal is dropping a security release tonight, 5–9pm UTC, with an explicit exploit warning. No CVE. No details. That's the signal.
When Drupal pre-announces a release and tells you exploits may arrive within hours of disclosure, they know something. The absence of a pre-release CVE number isn't bureaucratic lag — it's severity management. A pre-announced critical without details means the patch-weaponization window is short enough that they don't want to hand researchers a head start on building a PoC while their constituency scrambles to patch. Drupal's install base skews heavily toward government portals, universities, NGOs, and enterprise CMSs — exactly the kind of infrastructure that runs on long patch cycles and has network-adjacent exposure. If this is unauthenticated RCE, the blast radius is substantial. If it's authenticated, the risk calculus shifts but doesn't disappear — credential stuffing against Drupal admin panels is a standing commodity attack.
Watch for: The 5–9pm UTC window tonight. Immediately after release, watch GitHub for PoC drops and monitor known exploit forums for weaponization attempts within the following 24 hours. Patch your Drupal instances before you read the CVE details — don't wait.
Source texture: Drupal Security Team public pre-announcement. Nothing beyond open source at this stage, but the framing of the advisory is itself the signal.
DirtyDecrypt PoC is public. Linux LPE. Patch distribution is going to lag badly.
PoC code is now public for DirtyDecrypt (CVE-2026-46300, also referenced as DirtyCBC), a Linux kernel local privilege escalation discovered May 9 by Zellic and V12 Security. The initial vendor response — "looks like a duplicate of something we already patched" — is the most dangerous response a maintainer can give, because it delays the downstream patch distribution cycle across distros. Even if the underlying primitives are similar to a prior fix, if the PoC works, the exposure window for unpatched systems is real and now accelerated significantly by public release. Linux LPE is foundational post-exploitation tradecraft — ransomware operators, nation-state actors, and opportunistic attackers all need it. The XFRM ESP-in-TCP context referenced in the CVE is worth attention: that's VPN and network stack territory, which suggests potential relevance to network appliance and cloud NAT gateway exposure, not just standard server compromise chains.
Watch for: Distro patch timelines — RHEL, Ubuntu LTS, Debian stable. Also watch for integration into post-exploitation frameworks within the next two weeks. If this surfaces in a ransomware intrusion report, the "duplicate" determination will look very bad in retrospect.
Source texture: Zellic and V12 Security discovery is public. PoC is circulating openly.
INTERPOL ran its first MENA-wide cybercrime sweep. 201 arrested. 382 identified but not arrested. That second number is the story.
Operation Ramz — 13 countries, October 2025 through February 2026, 201 arrests. The "first-of-its-kind" framing signals how significant prior coordination gaps across the MENA region have been: cybercrime operations there have historically benefited from fractured law enforcement relationships, competing geopolitical alignments, and a general absence of mutual legal assistance infrastructure equivalent to what exists between Western states and Five Eyes partners. The 382 identified-but-not-arrested figure is the number to sit with. That's not operational failure — that's a political ceiling. Those individuals are either in jurisdictions that declined to cooperate, are nationals with protection, or represent a tier of actor where the political cost of arrest outweighs the operational benefit. The region also hosts documented Iranian APT infrastructure. Whether any overlap between criminal networks targeted in Ramz and nation-state-adjacent actors exists has not been confirmed publicly — but the question is fair and the answer, if it exists, is not going to be in the press release.
Watch for: Follow-on arrests or extradition requests over the next 90 days. Also watch whether any of the infrastructure dismantled in Ramz resurfaces under new operation names — that's the standard reconstitution pattern and the clock started when the arrests were announced.
Source texture: INTERPOL public release. Iranian infrastructure overlap is inference based on known regional operational patterns, not confirmed in Ramz disclosures.
GitHub Action tags are being redirected to imposter commits. This is credential theft at scale, and most pipelines are running it right now.
Separate from the TeamPCP breach: popular GitHub Action tags have been redirected to impersonation commits designed to harvest CI/CD secrets from any workflow that runs the affected actions. The attack is elegant because it exploits a fundamental misconfiguration norm — almost everyone pins Actions by tag (@v3) rather than by commit SHA, which means a tag reassignment transparently swaps in malicious code without triggering any obvious alert. When that code runs in your CI pipeline, it has access to your secrets, your cloud credentials, your deployment keys, and potentially your production environment. Remediation is straightforward in principle — pin by SHA — but operationally painful at scale across large organizations with sprawling pipeline configurations. The relationship to the broader TeamPCP campaign pattern is direct: this is the same philosophy, exploiting developer trust in tooling as the attack surface, just implemented at the pipeline layer rather than the IDE layer.
Watch for: Any audit of your own CI/CD pipelines should happen now, not next sprint. Check your Actions references. If you're a security vendor or platform with wide pipeline adoption, assume you're a target. Also watch for cloud credential abuse in the days following — the stolen secrets have to go somewhere.
Source texture: Technical reports circulating in security researcher community. Remediation guidance is available from GitHub's own hardening documentation.
Critical vulnerability in networked industrial robot fleets. Details thin. Surface area is not. [DEVELOPING SIGNAL]
Reports from May 19 describe a critical vulnerability affecting networked industrial robot fleets, with remote exploitation implied. Detail is sparse and vendor identification is not yet confirmed publicly — treating this as a developing signal rather than a confirmed item, but flagging because the threat surface deserves the flag. Industrial robotics in automotive, semiconductor fabrication, and defense manufacturing contexts represent an attack surface where compromise is categorically different from IT intrusion: you're not talking about data theft, you're talking about physical process manipulation, production sabotage, or — in defense production contexts — supply chain integrity for manufactured components. OT/ICS security has improved significantly from its 2015-era baseline, but network-connected robot fleet management software tends to be vendor-controlled, poorly monitored by enterprise security teams, and running on long maintenance cycles. The disclosure pattern — sparse, cautious — is consistent with either vendor-controlled embargo before a coordinated patch or genuine uncertainty about scope.
Watch for: Vendor identification in the next 48–72 hours. If this is a fleet management platform rather than a firmware-level issue, the blast radius could span multiple manufacturers. Any ICS-CERT or sector-specific ISAC advisory would confirm severity assessment.
Source texture: Thin — May 19 reporting, no attribution confirmed. Flagged on pattern recognition, not sourcing depth.
The GitHub Infrastructure Week Is a Campaign, Not Coincidence
Step back from the individual items and look at the six-week window: CVE-2026-3854 (GitHub RCE, any authenticated user), Grafana's Pwn Request token theft via GitHub Actions, GitHub Action tag redirection for CI/CD credential harvesting, and now TeamPCP's direct exfiltration of 3,800 internal GitHub repositories — plus CoinbaseCartel operating against GitHub-hosted targets within the same 72-hour period. This is a coordinated adversarial thesis, whether or not the actors are coordinating with each other: developer infrastructure is the highest-leverage attack surface in 2026, and it is being systematically targeted. The logic is sound. Compromise a developer tool and you inherit trust relationships that no phishing campaign, no credential stuffing operation, and no endpoint implant can replicate. When GitHub's own internal code is in criminal hands, the downstream question isn't just "what secrets are in those repos" — it's whether the systems GitHub uses to vouch for code integrity, sign releases, or run its own security tooling have been studied closely enough to enable a long-game integrity attack. That question doesn't have a public answer yet. It should be asked loudly.
Watch for: Any indication that the $50K GitHub repo listing attracts a nation-state-adjacent buyer rather than a criminal one — that's the scenario where the integrity risk becomes acute. Also watch whether GitHub's own tooling (secret scanning, advisory database, dependency graph) behaves anomalously. The companies whose security posture most directly depends on trusting GitHub's internal systems should be asking GitHub hard questions right now.
Member discussion: