Risky Business #839 -- TeamPCP stole GitHub's internal repos

Failed to add items

Sorry, we are unable to add the item because your shopping cart is already at capacity.

Add to basket failed.

Please try again later

Add to wishlist failed.

Please try again later

Remove from wishlist failed.

Please try again later

Adding to library failed

Please try again

Follow podcast failed

Unfollow podcast failed

Risky Business #839 -- TeamPCP stole GitHub's internal repos

Listen for free

View show details

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: TeamPCP breached GitHub’s internal repos. Now what?Some absolute plonker glued Coruna to a hijacked npm packageCISA is worried about about open source and wants third party submissions for KEVAI infrastructure is “systemically” insecureMuch, much more This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun! This episode is also available on YouTube Show notes GitHub confirms being hacked by TeamPCP, says customer data unaffected | therecord.mediaGrafana Labs links GitHub environment breach to TanStack npm supply chain attack | Cybersecurity DiveCoruna Respawned: Compromised art-template npm Package Leads... | SocketCISA chief frets about open-source vulnerabilities, delayed security improvements | cyberscoop.comAnthropic: Mythos finds more than 10,000 software flaws in first month | cyberscoop.comPardon MIE? | ironPeak BlogCISA asks cybersecurity community to alert it to vulnerability exploitation | Cybersecurity DiveLawmakers Demand Answers as CISA Tries to Contain Data Leak | krebsonsecurity.comGoogle publishes exploit code threatening millions of Chromium users | arstechnica.comMillions of AI agents imperiled by critical vulnerability in open source package | arstechnica.comDiscord migrates all users to end-to-end encryption by default | The RecordTexas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption | arstechnica.comAlleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada | krebsonsecurity.comIran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages | Cybersecurity DiveFBI warns about fast-growing phishing kit targeting Microsoft 365 users | cyberscoop.comAnalyzing the rise in device code phishing attacks in 2026 | Push SecurityTrump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses | TechCrunch SecurityKash Patel’s clothing brand website shut down after reports it was hacked | TechCrunch SecurityTulsi Gabbard resigns as US director of national intelligence | Social SignalsWhen Certificate Trust Fails: The DigiCert Code-Signing Incident and Microsoft Defender False Positive |

No reviews yet