Noma Security's GitLost research shows that a public GitHub issue can trick GitHub Agentic Workflows into exfiltrating private repository contents. The attack requires no credentials — just a crafted issue on any public repo the agent can see.
Noma Security's GitLost research shows that a public GitHub issue can trick GitHub Agentic Workflows into exfiltrating private repository contents. The attack requires no credentials — just a crafted issue on any public repo the agent can see.
TeamPCP, tracked as UNC6780 by Google's Threat Intelligence Group, ran three coordinated supply chain campaigns in 2026 — poisoning Trivy, LiteLLM, and 170+ npm/PyPI packages — culminating in the theft of 3,800 GitHub internal repositories.
A solo researcher has documented 9,330 malicious GitHub repositories designed to poison AI coding agent sessions and deliver credential-stealing malware via blockchain-hosted C2 infrastructure.
A self-replicating worm compromised 73 Microsoft GitHub repositories on June 5, 2026, via stolen contributor PAT and malicious AI coding tool configs. Contained in 105 seconds.