Cyber Security News

Hacking Editorial Brief: May 20, 2026

## GitHub Breach and ShinyHunters Activity

GitHub confirmed a significant security incident affecting approximately 3,800 internal repositories after an employee device was compromised through a malicious Visual Studio Code extension. The threat actor group TeamPCP has claimed possession of source code from roughly 4,000 private repositories and is demanding a minimum of $50,000, with reports indicating the stolen data is being auctioned on dark web forums with bids reaching over $100,000. The breach underscores supply chain risks inherent in developer tooling ecosystems, particularly browser extensions and IDE plugins that have elevated access to sensitive code repositories.

In a separate but notable campaign, the prolific threat actor ShinyHunters has reportedly targeted a cybersecurity firm that advises ransomware victims against paying extortions — a move that appears deliberately ironic. The group, previously linked to breaches of educational platforms including Canvas, continues demonstrating their capability to compromise high-value targets across sectors. Meanwhile, a newly disclosed heap buffer overflow vulnerability in NGINX (CVE-2026-42945) affecting versions 0.6.27 through 1.30.0 is now under active exploitation, posing immediate risk to organizations running vulnerable NGINX Plus and Open Source instances. On the competition front, DEVCORE researchers successfully exploited four Microsoft products at Pwn2Own Berlin 2026, demonstrating advanced zero-day capabilities in a controlled environment.

Sources: SecurityWeek · The Hacker News · PCMag · MyBroadband