github: 7 articles
GitHub Actions Went Down for Three Hours and Told Developers Their Accounts Were Suspended
GitHub Actions experienced an outage lasting over three hours on May 26, disrupting CI/CD workflows for developers worldwide and displaying a misleading "Your account is suspended" error message, which caused additional alarm given how difficult real account suspensions can be to resolve. The outage, attributed to authentication issues, was particularly disruptive because even customers using external or self-hosted runners were affected, as GitHub's cloud service acts as the control plane. Despite recurring reliability problems this year, GitHub's platform continues to grow rapidly, with Actions usage more than doubling since 2023, largely driven by the surge in AI-generated code.
Megalodon Attack Poisons Thousands of GitHub Repos via CI/CD Hijacking
Someone has been systematically targeting GitHub repositories at scale.
How One Unrotated Token Gave Hackers Access to Grafana's Codebase
Grafana's data breach stemmed from a single GitHub workflow token that was accidentally missed during a credential rotation following the TanStack npm supply-chain attack, in which malicious packages infected with credential-stealing malware exfiltrated tokens from Grafana's CI/CD environment. The overlooked token allowed attackers to access private repositories, from which they stole source code and internal business contact information, though no customer production data or systems were compromised. Grafana confirmed that its codebase was not modified during the incident, meaning downloaded code remains safe, and users are not required to take any action.
CISA Left Its Passwords in a Public GitHub Repo Called 'Private-CISA'
CISA, the US cybersecurity agency, had a trove of sensitive credentials — including plaintext passwords, SSH private keys, and tokens — exposed in a public GitHub repository called "Private-CISA" since at least November 2025, with GitHub's default secret-protection features deliberately disabled. Security testing confirmed the leaked credentials provided high-privilege access to multiple AWS GovCloud accounts, and the repo appears to have been managed by CISA contractor Nightwing. The incident marks yet another security embarrassment for CISA, following a separate January 2026 incident in which the acting director uploaded sensitive government documents to ChatGPT.
A Poisoned VS Code Extension Just Breached 3,800 GitHub Repositories
GitHub has confirmed that approximately 3,800 internal repositories were compromised after an employee installed a malicious VS Code extension, which was subsequently removed from the VS Code Marketplace and the affected device secured. The hacker group TeamPCP has claimed responsibility, advertising the stolen data on a cybercrime forum for at least $50,000, though GitHub states there is no evidence that customer data outside the breached repositories was affected. This incident is part of a broader pattern of malicious VS Code extensions targeting developers, with TeamPCP also previously linked to supply chain attacks on platforms including PyPI, NPM, and Docker.

One Dodgy VS Code Extension Later, GitHub Lost 3,800 Internal Repos
GitHub confirmed that approximately 3,800 internal repositories were compromised in a supply chain attack carried out by the hacking group TeamPCP, after an employee installed a malicious VS Code extension on their machine. The attackers claimed to have stolen source code and internal data, offering it for sale for at least $50,000 on an underground forum. GitHub responded by rotating critical credentials and launching an investigation, noting that the attack highlights the significant security risk posed by unvetted developer tools and extensions.

Grafana Labs Got Its GitHub Raided. It's Not Paying Up.
Grafana Labs has disclosed that an unauthorized attacker obtained a token to access its GitHub environment and stole its codebase, subsequently threatening to release the code unless a ransom was paid. The company refused to pay, citing FBI guidance and the fact that no customer data or operational systems were affected. The incident's impact may be limited, as much of Grafana's code is already open source, though it remains unclear exactly what proprietary code was taken.