[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBMOYx3jtpjWfpqBZYXCaQYhuCG3nFJwpAlOC0OOz5x0":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":17,"created_at":18,"published_at":19,"article":20,"tags":23},"b6bdaae8-2e22-4da3-a0ed-d3de505f373f","lapsus-and-teampcp-collaborate-to-sell-github-internal-repositories","71b72129-9ed9-4929-a392-6bd4516331e7","LAPSUS$ and TeamPCP Collaborate to Sell GitHub Internal Repositories","The LAPSUS$ Group's partnership with TeamPCP to sell GitHub's internal repositories demonstrates how threat actors are increasingly targeting critical software infrastructure providers to access valuable intellectual property. This supply chain attack affects not only GitHub but potentially thousands of organizations that rely on the platform for code development and storage. The collaboration between two established threat groups indicates a concerning trend toward coordinated attacks on foundational technology platforms that support global software development ecosystems.","**Immediate actions:**\n- Review and rotate all authentication credentials for GitHub and other critical development platforms\n- Implement additional access controls and monitoring for repositories containing sensitive code\n- Conduct emergency assessment of code exposure and potential intellectual property theft\n\n**Long-term improvements:**\n- Establish vendor risk management programs that include security assessments of critical software platforms\n- Implement data classification policies to identify and protect high-value intellectual property\n- Deploy code scanning tools to detect unauthorized access or data exfiltration attempts\n\n**Supply chain security:**\n- Diversify critical development infrastructure across multiple trusted providers\n- Maintain offline backups of critical source code and intellectual property\n- Establish incident response procedures specifically for supply chain compromises",[12,13,14,15,16],"CIS Control 15","NIST SP 800-161","NIST SC-7","ISO 27036","GDPR Article 28","published","2026-05-22T05:40:19.444935+00:00","2026-05-22T05:40:18.79489+00:00",{"id":7,"url":21,"title":22},"https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057136118240284834","RT @DarkWebInformer: ‼️ LAPSUS$ Group announces a joint for sale post with TeamPCP for the GitHub...",[24,30],{"id":25,"name":26,"slug":27,"description":28,"color":29},"c8b843a5-d5a7-41d1-8d3b-cabded09d2ef","Data Protection","data-protection","Unencrypted data, missing DLP, poor classification","#3b82f6",{"id":31,"name":32,"slug":33,"description":34,"color":35},"f0c2a0af-58aa-4128-87c9-6acd30f2dc48","Supply Chain","supply-chain","Third-party risk, compromised dependencies","#8b5cf6"]