— Border Cyber Group


May 20, 2026

TeamPCP walked out of GitHub with 3,800 internal repos through a single employee's VS Code install

GitHub confirmed the breach began when an employee installed a poisoned Visual Studio Code extension from the official VS Code Marketplace; GitHub removed the malicious extension version, isolated the endpoint, and began rotating high-impact credentials. TeamPCP posted on the Breached hacking forum claiming access to GitHub source code and approximately 4,000 repos of private code, with an initial asking price listed at over $95,000 (not the $50,000 figure cited in the original item), and warned they would leak the material if no single buyer materialized. GitHub has not formally named the extension. The strongest publicly identified candidate, based on timing, attribution, and behavior, is nrwl.angular-console v18.95.0 (Nx Console), published to the VS Code Marketplace at 12:36 UTC on May 18 with malicious code injected into main.js; treat that as a researcher assessment until GitHub confirms it. TeamPCP, tracked by Google Threat Intelligence Group as UNC6780, has previously compromised Trivy, Checkmarx KICS, the LiteLLM library, the Telnyx SDK, TanStack, MistralAI, and other packages, largely through Mini Shai-Hulud, their adapted version of a self-replicating supply chain worm that automates credential theft from CI/CD pipelines. The GitHub breach arrived the same day a new Mini Shai-Hulud wave forged valid cryptographic provenance on 639 malicious npm package versions, and the same day Wiz discovered TeamPCP had compromised Microsoft's durabletask Python SDK on PyPI.

Watch for: The criminal forum listing has moved from a standard data sale to a threatened public leak if no buyer appears. A nation-state-adjacent buyer at this price point represents a qualitatively different risk than criminal monetization. GitHub has stated no customer data was impacted; that assessment is ongoing and may be revised. If the nrwl.angular-console attribution holds, anyone who installed v18.95.0 should treat the workstation, and every credential reachable from a process running as that user, as compromised: rotate, do not just uninstall.

Sources: Help Net Security (May 20, 2026); Hackread (May 20, 2026); Sophos security blog (May 20, 2026); VentureBeat (May 20, 2026); Phoenix Security technical analysis.


Grafana refused to pay CoinbaseCartel. Canary tokens lit up. They disclosed same day.

Grafana Labs disclosed the incident on May 16, 2026, in a six-part thread on X, confirming that a compromised token granted unauthorized access to its GitHub environment and let the threat actor download its codebase. Grafana was alerted when one of thousands of deployed canary tokens was triggered, which immediately notified the global security team. The root cause was a Pwn Request vulnerability, a well-documented flaw in workflows configured to trigger on GitHub's pull_request_target event: that event runs the workflow in the context of the base repository, with the repository's secrets in scope, and a workflow that then checks out and runs code from the pull request head hands those secrets to whoever opened the PR. In Grafana's case such a workflow granted external contributors access to production CI secrets. CoinbaseCartel announced on its data leak site that they "are behind on many leaks," indicating a backlog of unreported victims. The group has amassed over 170 victims and deploys an in-memory tool called "shinysp1d3r" to encrypt VMware ESXi targets and disable snapshots, according to threat intelligence specialist Joe Shenouda. The shinysp1d3r attribution is a researcher assessment, not formally confirmed by Grafana or law enforcement; the original item presented it without that caveat and should have. Shared infrastructure, personnel overlap, and an identical initial-access playbook (voice phishing or stolen developer credentials, then OAuth abuse, source code repositories, and cloud admin consoles for data exfiltration) are the basis on which researchers link CoinbaseCartel to ShinyHunters, Scattered Spider, and Lapsus$.

Watch for: The "behind on many leaks" statement implies an unpublished victim backlog. Companies in healthcare, technology, transportation, manufacturing, and business services, CoinbaseCartel's documented target sectors, that have not received a ransom demand should not assume they have not been compromised. The group's documented tactic of returning for a second payment after an initial ransom is paid is the more dangerous repeat-extortion pattern. Note also where Grafana's detection came from: a planted canary token, not GitHub's own telemetry. Organizations with no canaries in their repositories have no equivalent tripwire.

Sources: BleepingComputer (May 18, 2026); The Hacker News (May 18, 2026); CybelAngel analysis; Grafana Labs public X thread (May 16–17, 2026); Hoplon Infosec analysis.


Drupal dropped a security release today, 5–9pm UTC. It's now public: unauthenticated SQL injection, PostgreSQL only, but the scope is significant.

CVE-2026-9082, tracked as SA-CORE-2026-004, is a SQL injection vulnerability in Drupal's database abstraction API affecting sites using PostgreSQL databases. A flaw in the API allows an attacker to send specially crafted requests resulting in arbitrary SQL injection, leading to information disclosure and in some cases privilege escalation, remote code execution, or other attacks. The vulnerability can be exploited by anonymous users. The severity score of 20/25 reflects an Access Complexity of "None" and an Authentication requirement of "None", meaning exploitation requires no privileged access or prior authentication; the score stops short of the maximum because the exploit was initially classified as "Theoretical" and target distribution as "Uncommon", since only PostgreSQL-backed Drupal sites are affected. Affected versions span Drupal 8.9.0 through current releases across all supported branches. The release also includes security updates for Symfony and Twig, with Drupal noting that depending on site configuration and contributed modules, additional upstream vulnerabilities may apply.

Watch for: The PostgreSQL-only scope is important context the original item lacked. MySQL and SQLite-backed Drupal installs are not affected by CVE-2026-9082 specifically, though the Symfony and Twig updates in this release apply to all sites and represent a separate patching obligation. Triage by checking the driver each site actually uses ($databases['default']['default']['driver'] in settings.php is 'pgsql' for affected sites) rather than by what the team remembers deploying. End-of-life Drupal 8 and 9 sites received manual patch files but no official release, and those files "may introduce other bugs or regressions" per the Drupal Security Team, a meaningful risk for legacy government and university sites.

Sources: Drupal.org SA-CORE-2026-004 (May 20, 2026); Drupal PSA-2026-05-18; SecurityWeek (May 19, 2026); The Hacker News (May 19, 2026); Cyber Kendra technical analysis.


DirtyDecrypt PoC is public. Linux LPE. Know which distros are actually exposed before you panic-patch the wrong systems.

DirtyDecrypt (also called DirtyCBC) is a local privilege escalation vulnerability in the Linux kernel linked to CVE-2026-31635 (CVSS 7.5), residing in the rxgk_decrypt_skb() function, the decryption handler within the kernel's RxGK subsystem, which serves as the GSS-API-based security layer for RxRPC, the network transport used by the Andrew File System (AFS) client. Zellic and V12 discovered and reported the flaw on May 9, 2026, were told by kernel maintainers it was a duplicate of an already-patched issue, and published the PoC on May 18 after confirming the patch had merged on mainline. The "duplicate" response is the most operationally significant detail here: it means the fix went in quietly, without the coordination that typically drives downstream distro patch cycles, leaving a gap between mainline and the kernels administrators actually run.

DirtyDecrypt impacts only kernels built with CONFIG_RXGK enabled, which among mainstream distributions means Fedora, Arch Linux, and openSUSE Tumbleweed. A kernel LPE reachable from inside a container is a container escape, so a vulnerable worker node exposes every pod it hosts. RHEL, Ubuntu LTS, and Debian stable ship with CONFIG_RXGK disabled and are not affected by this specific CVE. Check the build config of the kernel you are actually running rather than trusting the distro list: custom, cloud-vendor, and self-built kernels do not necessarily match their distribution's defaults.
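The CONFIG_RXGK gate above is the one exposure criterion the public reporting gives, so it is the thing worth checking across a fleet. The following is an added example, not code from Zellic, V12, or any distribution: it reads the build config of the running kernel from the places distributions normally put it (/boot/config-<release> or /proc/config.gz) and sorts the host into a triage bucket. It says nothing about whether the kernel is patched; that remains a question for your distro's changelog. The sample configs embedded in the script are constructed for the example.

```python
"""Fleet triage for DirtyDecrypt (CVE-2026-31635) by kernel build option.
Exposure here means the rxgk code path is present in the kernel, not that
the kernel is unpatched. Sample configs below are constructed, not copied
from any distribution."""
import gzip
import platform
import re
from pathlib import Path
from typing import Optional

OPTION = "CONFIG_RXGK"
SET_RE = re.compile(rf"^{OPTION}=([ym])\s*$", re.M)
UNSET_RE = re.compile(rf"^# {OPTION} is not set\s*$", re.M)


def classify(config_text: str) -> str:
    """Map a kernel .config to one of four triage buckets."""
    m = SET_RE.search(config_text)
    if m:
        # =y: rxgk_decrypt_skb() is built into the kernel image.
        # =m: built as a module; the path exists once the module is loaded.
        return "exposed-builtin" if m.group(1) == "y" else "exposed-module"
    if UNSET_RE.search(config_text):
        # The shape RHEL, Ubuntu LTS and Debian stable ship, per the reporting.
        return "not-exposed"
    # Option absent entirely: a pre-RXGK kernel, or not a full .config.
    return "unknown"


def load_running_config() -> Optional[str]:
    """Return the build config for the running kernel, or None if the host exposes neither file."""
    for path in (Path(f"/boot/config-{platform.release()}"), Path("/proc/config.gz")):
        if not path.is_file():
            continue
        if path.suffix == ".gz":
            with gzip.open(path, "rt", encoding="utf-8") as fh:
                return fh.read()
        return path.read_text(encoding="utf-8")
    return None


# Constructed samples in the shape a real .config uses (CONFIG_AF_RXRPC and
# CONFIG_RXKAD are the neighbouring rxrpc options); not copied from any distro.
ROLLING_LIKE = "CONFIG_AF_RXRPC=m\nCONFIG_AF_RXRPC_IPV6=y\nCONFIG_RXKAD=y\nCONFIG_RXGK=y\n"
MODULE_LIKE = "CONFIG_AF_RXRPC=m\nCONFIG_RXGK=m\n"
LTS_LIKE = "CONFIG_AF_RXRPC=m\nCONFIG_RXKAD=y\n# CONFIG_RXGK is not set\n"
OLD_LIKE = "CONFIG_AF_RXRPC=m\nCONFIG_RXKAD=y\n"

if __name__ == "__main__":
    cfg = load_running_config()
    print("this host:", classify(cfg) if cfg is not None else "unknown (no kernel config found)")
    for name, text in (("rolling-like", ROLLING_LIKE), ("module-like", MODULE_LIKE),
                       ("lts-like", LTS_LIKE), ("old-like", OLD_LIKE)):
        print(f"{name}: {classify(text)}")
```

Run it under your fleet tooling and act on the two "exposed" buckets first; "unknown" hosts need a second look, because a missing option line can mean either an old kernel or a kernel whose config was never installed alongside it.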

DirtyDecrypt doesn't stand alone. It is the latest in a documented family sharing the same underlying page-cache write primitive: Copy Fail (CVE-2026-31431), disclosed April 29 by Theori, targeting the AF_ALG cryptographic socket interface; Dirty Frag (CVE-2026-43284 and CVE-2026-43500), which extended Copy Fail with two separate page-cache write primitives a week later; Fragnesia (CVE-2026-46300), affecting the XFRM ESP-in-TCP subsystem; and now DirtyDecrypt. Four related LPE primitives in the span of three weeks is a research cluster, not a coincidence: the underlying bug class is being systematically mapped across kernel subsystems that decrypt or reassemble data in place.

Watch for: Fedora, Arch, and openSUSE Tumbleweed administrators should treat this as urgent. The highest-risk environments are shared Linux hosts with multiple users, container clusters where the host page cache is shared across pods, and CI runners and build farms that execute untrusted code by design. The broader Dirty family warrants tracking for variants that may eventually reach configurations currently considered safe.

Sources: SecurityWeek (May 19, 2026); The Hacker News (May 19, 2026); Security Affairs (May 19, 2026); Help Net Security Fragnesia analysis (May 14, 2026); GBHackers and CyberPress technical analyses.


INTERPOL ran its first MENA-wide cybercrime sweep. 201 arrested. 382 identified. A human trafficking layer nobody is talking about.

Operation Ramz ran from October 2025 through February 28, 2026 across 13 MENA countries, resulting in 201 arrests, 382 additional suspects identified, 3,867 victims identified, and 53 servers seized. Nearly 8,000 pieces of intelligence were disseminated among participating countries. Participating jurisdictions included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE. The operation was partially funded by the EU and Council of Europe under the CyberSouth+ project, with private sector intelligence contributed by Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI. The original item's inference about potential Iranian APT infrastructure overlap has no supporting evidence in the INTERPOL release or any corroborating public source and should not have been included. What the original missed entirely: a raid in Jordan uncovered 15 individuals carrying out scams who were determined to be victims of human trafficking, recruited under false promises of employment from Asian countries, with their passports confiscated upon arrival. That trafficking-to-cybercrime pipeline is a documented regional pattern and a more substantive story than the unsupported APT overlap speculation.

Watch for: The 382 identified-but-not-arrested figure represents the political ceiling of what coordinated MENA law enforcement can achieve in a single operation — those individuals remain active. Reconstitution of disrupted phishing-as-a-service infrastructure under new branding is the standard post-operation pattern; the Algerian PhaaS platform dismantled during Ramz is a specific candidate to watch for re-emergence.

Sources: INTERPOL press release (May 18, 2026); The Hacker News (May 19, 2026); Infosecurity Magazine (May 18, 2026); Help Net Security (May 18, 2026); Group-IB press release; Kaspersky press release; TechNadu (May 19, 2026).


GitHub Actions tag redirection was a real, named attack. The specific action is actions-cool/issues-helper. The exfiltration domain links it to Mini Shai-Hulud.

The popular GitHub Action actions-cool/issues-helper was compromised, with every existing tag in the repository redirected to a single imposter commit that does not appear in the action's normal commit history. Any workflow referencing the action by version tag therefore pulled and executed the malicious code on its next run: a tag is a mutable pointer that whoever controls the repository (or its credentials) can move, while a full commit SHA names an immutable object. Only workflows pinned to a full commit SHA were unaffected. StepSecurity researcher Varun Sharma identified the compromise. The imposter commit, upon execution within a GitHub Actions runner, downloads the Bun JavaScript runtime to the runner, then reads Runner.Worker memory to extract credentials from the CI/CD pipeline. A second action, actions-cool/maintain-one-comment, was also compromised with the same malicious functionality; GitHub subsequently disabled the maintain-one-comment repository for terms of service violations. The exfiltration domain t.m-kosche[.]com used in the actions-cool attack was also linked to the Shai-Hulud npm campaign reported separately on May 18–19, 2026, directly connecting this incident to TeamPCP's broader Mini Shai-Hulud campaign and the same week's GitHub internal breach.

Watch for: Any pipeline that referenced actions-cool/issues-helper or actions-cool/maintain-one-comment by version tag should be treated as compromised, and every secret those runs could read (repository and organization secrets, the job's GITHUB_TOKEN, and any cloud credentials obtained through OIDC in that job) should be rotated immediately. SHA pinning is the structural fix, with two caveats: pinning a composite action does not pin the actions it calls internally, and a SHA is only as trustworthy as the review of the commit it names, since dependency bots will cheerfully bump the pin to whatever the next tag points at. Tooling to audit and enforce pinning at scale is available from StepSecurity and similar CI hardening vendors.
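The two workflow weaknesses in this digest, the Pwn Request pattern behind the Grafana leak and the mutable-tag references behind the actions-cool redirection, can be caught by the same audit pass over workflow files. The script below is an added example, not code from Grafana, StepSecurity, or GitHub. It is deliberately line-based so it runs without PyYAML, which makes it a heuristic rather than a parser: it flags a workflow that triggers on pull_request_target and also references the PR head sha/ref, and it flags every `uses:` reference whose ref is not a 40-hex commit SHA. The two embedded sample workflows are constructed; the tags in them and the deadbeef SHA are placeholders, not real pins.

```python
"""Line-based audit of GitHub Actions workflows for two weaknesses:
  pwn_request  - pull_request_target trigger (base-repo secrets in scope) combined
                 with a reference to the PR head, i.e. checkout-and-run untrusted code
  mutable_ref  - a `uses:` pinned to a tag or branch instead of a commit SHA
Heuristic, not a YAML parser. Sample workflows are constructed for this example."""
import re
import sys
from dataclasses import dataclass

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
PR_TARGET = re.compile(r"\bpull_request_target\b")
PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)\b")


@dataclass(frozen=True)
class Finding:
    kind: str    # "pwn_request" or "mutable_ref"
    line: int    # 1-based line number inside the workflow text
    detail: str


def audit_workflow(text: str) -> list:
    """Return findings in line order; an empty list means neither pattern was seen."""
    lines = text.splitlines()
    # pull_request_target anywhere in the file is enough to put secrets in scope.
    pr_target = any(PR_TARGET.search(l) for l in lines)
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0]                  # drop YAML comments
        if pr_target and PR_HEAD.search(line):
            findings.append(Finding("pwn_request", n, line.strip()))
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue                                  # local / image actions: out of scope here
        if "@" not in ref:
            findings.append(Finding("mutable_ref", n, ref + " (no ref at all)"))
            continue
        action, version = ref.rsplit("@", 1)
        if not SHA40.match(version):
            findings.append(Finding("mutable_ref", n, action + "@" + version))
    return findings


# Constructed sample: secrets in scope, PR head checked out and executed, tag pins.
VULNERABLE = """\
name: pr-triage
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions-cool/issues-helper@v3
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed sample: plain pull_request (fork PRs get no secrets) and a SHA pin.
HARDENED = """\
name: pr-triage
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # placeholder SHA for the example; pin to a commit you have reviewed
      - uses: actions/checkout@deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
      - run: npm ci && npm test
"""


def main(paths):
    samples = {"vulnerable-sample": VULNERABLE, "hardened-sample": HARDENED}
    for p in paths:                                  # any workflow files given on the command line
        with open(p, encoding="utf-8") as fh:
            samples[p] = fh.read()
    for name, text in samples.items():
        for f in audit_workflow(text):
            print(f"{name}:{f.line}: {f.kind}: {f.detail}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Point it at .github/workflows/*.yml across your repositories. A pwn_request hit needs a design change, not a pin: either drop to pull_request, or keep pull_request_target but never check out or execute anything from the PR head in that job. A mutable_ref hit is fixed by replacing the tag with the SHA of a commit you have looked at.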

Sources: StepSecurity blog post by Varun Sharma (May 19, 2026); The Hacker News (May 20, 2026); Daily Security Review (May 20, 2026); Rankiteo attack analysis.


Critical vulnerability in Universal Robots industrial cobots. CVE-2026-8153. CVSS 9.8. Unauthenticated RCE. This is not thin — it's fully documented.

CVE-2026-8153 is an OS command injection vulnerability in the Dashboard Server interface of Universal Robots PolyScope 5, rated critical with a CVSS score of 9.8 and patched in PolyScope 5.25.1. The Dashboard Server accepts user-controlled input and passes it to the underlying operating system without neutralizing shell-significant characters, so an unauthenticated attacker with network access to the service can craft input that executes commands on the robot's operating system, achieving remote code execution and compromise of the controller. The vulnerability was discovered by Vera Mens of Claroty Team82, who noted that while Universal Robots' cobots are not designed to be directly internet-accessible, the control box has an Ethernet port used on demand for delivering information to central management units, for legacy field protocols like MODBUS and EtherNet/IP, or for remote control. The flaw affects the robot controller itself, effectively a Linux-based computer connected directly to operational technology and physical machinery, across manufacturing, logistics, warehousing, automotive, healthcare, and industrial production environments. No public exploitation in the wild has been confirmed at time of disclosure.

Watch for: The network exposure condition is key: remote exploitation requires the Dashboard Server port to be reachable by the attacker. Organizations using cobots with remote management enabled, particularly those with MODBUS or EtherNet/IP integrations that put the controller on a routed segment, have a higher exposure profile. Universal Robots systems in automotive and defense manufacturing contexts represent the highest-consequence environments. Upgrade to PolyScope 5.25.1, restrict TCP port 29999 to the specific management hosts that need it, and verify that the cell's OT segment is not reachable from general IT networks.

Sources: SecurityWeek (May 19, 2026); Claroty/Vera Mens research; CISA advisory; Dark Reading (May 20, 2026); Rescana CVE analysis.


The GitHub Infrastructure Week Is a Campaign, Not Coincidence

In a six-week window: CVE-2026-3854, a critical remote code execution vulnerability in GitHub's internal Git infrastructure discovered by Wiz, allowed any authenticated user to execute arbitrary commands on GitHub's backend servers with a single git push using nothing but a standard git client, affecting both GitHub Enterprise Server and GitHub.com. Then: Grafana's Pwn Request token theft via a GitHub Actions pull_request_target misconfiguration, exfiltrating its entire private codebase. Then: the actions-cool/issues-helper tag redirection, with the exfiltration domain directly tied to Mini Shai-Hulud. Then: TeamPCP's direct exfiltration of 3,800 internal GitHub repositories through a poisoned VS Code extension, using the Mini Shai-Hulud supply chain worm toolchain that had already hit Trivy, Checkmarx KICS, LiteLLM, Bitwarden CLI, TanStack, MistralAI, and Microsoft's durabletask SDK. The convergence of CoinbaseCartel and TeamPCP against GitHub-adjacent infrastructure within the same 72-hour window involves two distinct groups with documented ties to The Com ecosystem; the connection is structural, not merely asserted.

Watch for: The Mini Shai-Hulud source code is now public on GitHub under the MIT license, and copycat actors are already publishing variants. The barrier to running this class of supply chain attack has dropped to the cost of reading a public repository. GitHub's own security tooling (secret scanning, the advisory database, the dependency graph) was built from internal code that is now in adversarial hands; whether that code reveals bypasses for those controls has not received a public answer, and the question should be asked.

Sources: SecurityWeek CVE-2026-3854 coverage; Wiz discovery disclosure; Help Net Security Grafana coverage; StepSecurity actions-cool analysis; Help Net Security TeamPCP coverage; VentureBeat Mini Shai-Hulud analysis (May 20, 2026).


Jonathan Brown is a cybersecurity researcher and investigative journalist at bordercybergroup.com.

If you would like to support our work, providing useful, well researched and detailed evaluations of current cybersecurity topics at no cost, feel free to buy us a coffee! https://bordercybergroup.com/#/portal/support