A single VS Code extension installed by a single GitHub employee has cost the world’s largest code host roughly 3,800 of its internal repositories. GitHub confirmed the breach in a five-post thread on X on May 20, 2026, attributing the compromise to a poisoned extension that ran on the employee’s machine and gave attackers a foothold inside Microsoft’s flagship developer platform. The threat group TeamPCP, already infamous for a string of supply chain attacks across npm, PyPI, and PHP packages earlier this year, has claimed responsibility on underground forums and is reportedly asking more than $50,000 for the stolen dataset. GitHub’s own assessment is that the attacker’s claim of around 3,800 exfiltrated repositories is directionally consistent with what investigators have found so far. The company says no customer data was touched. What GitHub Disclosed GitHub broke the news in a numbered thread of five short posts on X, with no entry on the official github.blog or githubstatus.com at the time of disclosure. The company said it detected the compromise of an employee device the previous day, removed the malicious extension version from the marketplace, isolated the affected endpoint, and rotated critical secrets overnight, prioritizing the highest-impact credentials first. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” GitHub wrote, adding that it would continue to monitor logs for follow-on activity and publish a fuller report once the investigation is complete. The phrasing is careful. Saying GitHub-internal repositories only rules out customer repos, enterprise tenants, and organization data hosted on the public platform, but it leaves open what was inside those 3,800 repos: deployment scripts, infrastructure configuration, API documentation, staging credentials, and the architectural blueprints of GitHub itself. Important Note “No customer data” does not mean “no customer risk.” Internal repositories at a platform like GitHub typically contain deployment topology, secret rotation logic, CI workflows, and references to third-party integrations. Even if no customer secrets are inside, the architectural knowledge alone meaningfully reduces the cost of attacking customers downstream. The Attack: A Trojanized Extension Inside a Trusted Marketplace GitHub has not yet named the specific extension. Security researchers tracking TeamPCP’s tradecraft note that the group has spent 2026 weaponizing exactly this surface, planting trojanized code in package registries and development tools that developers trust by default. The mechanism is brutally simple. A developer browses the VS Code Marketplace, installs an extension that looks legitimate, and grants it the same execution privileges as any other process running under their account. From there, the malware can read source files, exfiltrate Git credentials, harvest tokens from ~/.aws, ~/.kube, and password managers, and clone every repository the developer has access to. There is no permission model meaningfully limiting what an extension can do once it executes. A theme can do anything a debugger can do. Browser extensions get treated as a security boundary. IDE extensions, which see your source code, your credentials, and your terminal, do not. That asymmetry is the single largest unaddressed risk in the modern developer toolchain, and the GitHub incident is the most expensive demonstration of it to date. What GitHub Has Done, and What Comes Next The containment steps GitHub described are textbook: detect, isolate, rotate, monitor. The company says it removed the malicious extension version, took the developer’s machine off the network, and rotated the credentials most likely to provide further pivots. The investigation continues, and GitHub has committed to publishing a fuller report later. Where the response is less defensible is in disclosure. Announcing a breach of this scale exclusively on X, a platform that requires a login to view most posts, drew sharp criticism. As of publication, there is no entry on the GitHub Blog and no advisory on the official status page. Customers governed by frameworks such as DORA or NIS2, both of which have hard supplier-incident notification timelines, will be looking for something more substantive than a Twitter thread. Pro Tip: IDE plugins and Cyber Security Treat any IDE plugin like a piece of production software. Pin to specific versions, disable auto-updates on critical machines, restrict the allowed publisher list (in VS Code via the extensions.allowed setting), and ensure that any project containing credentials cannot be opened by an editor that auto-runs .vscode/tasks.json without confirmation. If you maintain CI/CD secrets, assume that any developer machine with both source access and an unverified extension installed is already in the threat model. For organizations downstream of GitHub itself, the immediate hygiene items are clear. Rotate any GitHub personal access tokens or OIDC credentials that were used in conjunction with packages from the TanStack, UiPath, Mistral AI, OpenSearch, or Guardrails AI namespaces during the early May window. Audit .vscode/ and .claude/ directories for files such as router_runtime.js or setup.mjs. Search for the gh-token-monitor daemon, which acts as a dead-man switch and triggers a destructive rm -rf on token revocation if not removed first. An Incident or a Pattern? GitHub has had a rough quarter on availability, with multiple outages drawing public complaints. A confirmed source-code breach by the most prolific supply chain threat actor of 2026 lands at the worst possible moment for that narrative. Independent agencies such as the Cybersecurity and Infrastructure Security Agency and NIST, through its Secure Software Development Framework, have been warning for years that developer tooling and build pipelines are the soft underbelly of every modern company, and the Wikipedia entry for supply chain attack now reads like a chronological list of escalating incidents. The deeper lesson from the GitHub breach is not that one employee made a mistake. It is that the security model of the modern developer workstation has not kept pace with the value of what sits on it. Until IDE extensions are sandboxed with explicit capability grants, until source code repositories are treated as sensitive assets rather than collaboration surfaces, and until the disclosure norms for breaches at platform-level vendors are tightened, the Mini Shai-Hulud playbook will continue to work. GitHub will not be the last victim of this campaign. It is simply, for

Axipro, the cybersecurity and compliance consulting firm, and Kertos, the European compliance automation platform, and  have entered a strategic partnership that combines software automation with hands-on implementation support for organisations navigating Europe’s expanding regulatory regime. The agreement, effective April 1, 2026, names Axipro as an implementation partner for Kertos. Customers can now buy the Kertos platform through Axipro alongside consulting, implementation support, and broader compliance service packages spanning frameworks including GDPR, NIS2, DORA, the EU AI Act, ISO 27001, and SOC 2. The partnership lands as European companies face mounting regulatory pressure. The NIS2 Directive pulled around 28,700 additional companies into scope when it replaced its predecessor in October 2024. DORA became fully applicable in January 2025, binding around 22,000 EU financial entities to a single ICT risk management framework with penalties of up to 2% of global turnover. The EU AI Act adds another layer, with compliance costs for SMEs running between €50,000 and €500,000 per organisation depending on use case. What the partnership delivers Under the agreement, Axipro sells, implements, and operates Kertos for customers as part of integrated service packages. The same partner that scopes the gap assessment, defines the control framework, and runs the implementation also configures and operates the platform that holds the evidence. Engagements no longer hand off between separate vendors. For Kertos, the deal gives the platform deeper exposure to how compliance programmes run inside operating businesses, feeding back into product development. For Axipro, which already supports companies across more than 20 frameworks with services spanning penetration testing, internal audit, and end-to-end certification support, Kertos extends its offering with continuous evidence collection, control management, vendor management, and automated audit preparation. “Our ambition at Kertos is to build the leading compliance automation platform in the market, one that doesn’t just simplify compliance but fundamentally redefines how companies achieve and maintain it,” said Dr. Kilian Schmidt, CEO of Kertos. “Strategic partnerships like the one with Axipro are a key part of that journey. By working closely with experienced compliance experts, we gain invaluable real-world insights that directly shape and accelerate our product development.” Free migration to Kertos through Axipro As part of the partnership, Axipro is offering free migration to Kertos for companies currently using another compliance or GRC platform. The migration covers transferring existing controls, evidence, policies, and vendor records into Kertos, with Axipro consultants handling the rebuild of framework mappings for ISO 27001, SOC 2, GDPR, NIS2, and other applicable standards. The aim is to remove the cost and disruption that typically deters companies from switching platforms mid-program, even when their existing tooling no longer fits their regulatory scope.   DACH region as the starting point Germany consistently leads European GRC adoption and accounts for the largest share of the region’s GRC platform market. It is also where regulatory pressure is sharpest right now, with the Federal Office for Information Security actively building out supervisory capacity ahead of the April 2026 NIS2 registration deadline for essential and important entities. “Compliance is only as strong as the tools and partners behind it,” said Ali Hayat, CEO of Axipro. “Our partnership with Kertos gives our clients in the DACH region access to a powerful data privacy and compliance platform, backed by Axipro’s hands-on expertise. Together, we make achieving and maintaining compliance seamless, faster, and more predictable for the businesses that need it most.” Both companies framed the agreement as a foundation for deeper collaboration as customer needs and regulatory requirements continue to evolve. About Axipro Axipro is a cybersecurity and compliance consulting firm helping high-growth companies achieve and maintain regulatory certifications across more than 20 frameworks including SOC 2, ISO 27001, GDPR, and NIST. Services span penetration testing, internal audit, and end-to-end support for companies pursuing first-time certification or maintaining existing ones. Axipro has offices in the UK, the USA, and Bahrain. About Kertos Kertos is a compliance automation platform that helps companies operating in Europe meet and maintain compliance requirements for frameworks including ISO 27001, SOC 2, GDPR, and NIS2. By automating evidence collection, control management, vendor management, and audit preparation, Kertos enables organisations to build and maintain robust information security and data protection programmes without the manual overhead of traditional approaches. Read the full press release here

When Abeera Zainab joined Axipro in early 2024, she quickly became more than just part of the delivery team—she became a driving force behind how compliance engagements are executed across the firm.Over the past few years, her role has naturally expanded. What began as hands-on involvement in compliance delivery has evolved into leading complex, multi-framework programs across diverse client environments. Today, Abeera operates at the centre of Axipro’s GRC function—overseeing engagements that span ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, HIPAA, ISO 42001, and DORA, often managing multiple frameworks simultaneously within a single scope.   Her strength lies not just in understanding these standards, but in making them work together—bringing structure to complexity and helping organisations move toward audit readiness without unnecessary friction. This approach has translated into tangible results. Abeera has played a key role in maintaining Axipro’s 100% audit success rate across 40+ certified clients, with no failed audits to date, while consistently delivering a high level of client satisfaction.But what clients often highlight most isn’t just the outcome—it’s the experience of working with her. Even in high-pressure situations—tight timelines, evolving scopes, or complex stakeholder environments—Abeera is known for her calm, structured, and transparent approach. She brings clarity where there is uncertainty, keeps engagements on track, and ensures that teams remain aligned from kickoff through to certification.   Her technical depth supports this delivery. Abeera holds the ISO/IEC 27001:2022 Lead Auditor certification (CQI/IRCA), the ISO/IEC 42001:2023 Lead Auditor certification, and the Drata Fundamentals Certification. Combined with over 3+ years of hands-on GRC experience, she brings both credibility and practical insight to every engagement. As GRC Lead, her focus extends beyond individual projects. She takes ownership of delivery quality, contributes to the evolution of Axipro’s advisory methodology, and actively supports the development of the wider team. Her role sits at the intersection of execution and strategy—ensuring that every engagement not only meets compliance requirements but also strengthens the client’s overall security and governance posture. At her core, Abeera’s work is about more than passing audits. It’s about building confidence—within client organisations, within delivery teams, and within the systems that support them.And that’s what makes her a trusted advisor in an increasingly complex compliance landscape.

On April 19, 2026, Vercel confirmed attackers had reached parts of its internal systems. The entry point was an infostealer infection on an employee’s laptop at Context.ai, a third-party AI platform, two months earlier. From that single compromised machine, an attacker moved through Google Workspace OAuth, into a Vercel employee’s account, and then into Vercel environments where customer environment variables were stored. This is the shape of a modern supply-chain breach, and it is worth understanding in detail. What Vercel Has Confirmed Vercel published a short security bulletin on April 19, 2026, stating that unauthorized access had affected a limited subset of customers. The company engaged external incident response experts and notified law enforcement. Hours later, CEO Guillermo Rauch provided the attack chain on X: Context.ai was breached, a Vercel employee’s Google Workspace account was taken over through that breach, and the attacker then pivoted into Vercel’s internal environments. Incident responders from Mandiant were engaged alongside law enforcement, according to BleepingComputer’s reporting on the incident. Rauch stated that Next.js, Turbopack, and Vercel’s open-source projects had been audited and remained safe, a direct response to claims circulating on a cybercrime forum that framed the incident as a potential Next.js supply-chain disaster. All core services, including deployments, the edge network, and the dashboard, continued to operate normally throughout the investigation. In the days following the disclosure, Vercel also rolled out dashboard updates including an environment variable overview page and an improved UI for creating and managing sensitive variables. The number of customers directly contacted has not been published, but Vercel has described the impact as quite limited. Customers not contacted have been told there is no current evidence their credentials or personal data were compromised. The Initial Access: A Context.ai Infostealer Infection According to cybercrime intelligence researchers, the likely origin of the breach was a Lumma infostealer infection on a Context.ai employee’s machine in February 2026, a full two months before Vercel’s public disclosure. Browser artifacts from the compromised device tell a familiar story: the user had been searching for and downloading Roblox auto-farm scripts and game exploit executors, a well-documented vector for Lumma stealer deployment. The stealer would have exfiltrated browser credentials, session cookies, and OAuth tokens. Context.ai is an enterprise AI platform that builds agents on top of a customer’s institutional knowledge. To function, it integrates with Google Workspace and requests deployment-level OAuth scopes. As reported in detail by The Hacker News, once Context.ai’s credentials were in the hands of an attacker, that OAuth integration became a privileged foothold into any organization using the platform. Vercel’s investigation noted that the Context.ai OAuth app compromise potentially affected hundreds of users across many organizations, which makes the Vercel intrusion one downstream consequence of a broader supply-chain incident rather than a self-contained breach. The attacker used the compromised integration to take over a Vercel employee’s Google Workspace account. From there, they pivoted into Vercel’s environment and began enumerating environment variables. Vercel offers customers the option to mark environment variables as sensitive, which encrypts them at rest and blocks them from appearing in the dashboard UI. Variables not marked sensitive were readable, and the attacker used that enumeration to extend access further. Who Was Affected and What Was Accessed Confirmed impact is narrower than the headlines suggest. Vercel has stated that customer environment variables marked as sensitive remain encrypted at rest and show no evidence of access. The attacker did read environment variables not marked sensitive, and used those values for further escalation. Secondary reporting indicates that Vercel’s Linear and GitHub integrations bore the brunt of the attack. The attacker demonstrated detailed knowledge of Vercel’s internal systems and moved with high operational velocity, behavior that led Vercel to classify them as highly sophisticated. Whether any customer-owned repositories were accessed through these integrations has not been publicly established. Separately, a threat actor using the ShinyHunters moniker listed what they described as Vercel internal data on BreachForums for USD 2 million, claiming to offer employee accounts, deployment access, source code, database content, GitHub tokens, and npm tokens. The same actor separately communicated a USD 2 million ransom demand via Telegram. Vercel has not confirmed any of these specifics, and Rauch’s public rebuttal focused on the claim that Next.js and related OSS release paths were compromised, which Vercel says they are not. Adding a further layer of doubt, members of the actual ShinyHunters group denied involvement when contacted by BleepingComputer, suggesting the listing may be a copycat or lone-actor operation trading on the group’s reputation. Important: Treat the ShinyHunters listing as plausible but unverified. Plan your remediation against the confirmed scope, which is already broad enough to justify rotating Vercel-connected secrets, but do not quote forum claims to regulators, customers, or auditors as established fact. Indicators of Compromise Vercel published an OAuth application identifier tied to the Context.ai integration that Google Workspace administrators should search for in their own tenant: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com If that client ID appears in your Google Workspace OAuth app inventory, a Context.ai integration exists or existed within your environment. The presence of the integration is not proof your tenant was accessed, but it moves you into the population that needs closer triage. Review the OAuth grant scopes, any activity from the associated service account, and the audit logs for any user who authorized the application. Vercel has also contacted affected customers individually. If you have not received direct outreach, Vercel’s public position is that there is no present evidence your Vercel credentials were compromised. What Vercel Customers Should Do Now Rotate all non-sensitive environment variables across every Vercel project. Anything that is a secret — API keys, database credentials, signing keys, webhook secrets, third-party tokens — should be stored using the sensitive environment variable feature going forward. Rotate any such value that was stored as non-sensitive before April 19, 2026, on the assumption it may have been read. Audit your Vercel activity logs for the period of April 17 through 19, 2026. Unexpected logins, environment variable reads, integration authorizations, or administrative actions during

Axipro has appointed Ikponke Godwin, CISM, as Principal Advisor. She joins from EY and brings a profile that is genuinely rare in this space: deep technical security experience and mature governance expertise, built in parallel rather than one after the other. Ikponke spent over a year at EY as Senior Cybersecurity Consultant for West Africa, advising enterprise clients across security operations, GRC, and digital transformation. Before that, nearly two years at PwC Nigeria as both Associate Cybersecurity Specialist and Penetration Tester, where she worked across vulnerability assessment, framework implementation, and technical risk analysis. Most recently, she completed a secondment at Flutterwave as GRC Analyst, where she led an enterprise gap assessment using NIST CSF 2.0, co-developed a risk-based remediation roadmap, built out risk taxonomies, and used Drata to automate compliance workflows across one of Africa’s most closely-watched fintech platforms. That combination of offensive security work and governance programme delivery is what makes her appointment significant. Many practitioners develop in one direction or the other. Ikponke has done both, and the combination shapes how she approaches client problems: starting with what could actually go wrong, not just what the framework says should be documented.   She holds the Certified Information Security Manager (CISM) designation and has hands-on experience across penetration testing, SIEM operations, third-party risk management, and security policy development. She has also worked as a Cybersecurity Instructor, which speaks to how clearly she can communicate complex topics to teams who are not security specialists. Ikponke on joining Axipro: “What drew me here is the combination of ambition and precision. The firm is growing fast but has not traded rigour for speed. I want to build on that.” As Principal Advisor, Ikponke will work with enterprise and mid-market clients on complex compliance engagements, technical security assessments, and GRC transformation programmes. She is based in Lagos, Nigeria. We’re glad to have her.