GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill
5/22/20269 min
GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.
Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need.
Timestamps:
00:00 Top Stories Rundown
00:24 GitHub Supply Chain Breach
01:09 Developer Workstations at Risk
02:31 Microsoft Ditches SMS MFA
04:15 Linux Root Escalation Flaw
06:11 Proton vs Canada Surveillance Bill
08:03 Wrap Up and Sign Off
#cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews
Transcript preview
First 90 secondsJim Love· Host0:00
Cyber Security Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft three sixty-five. You can contact them at material dot security. GitHub confirms supply chain breach hit thirty-eight hundred internal repositories. Microsoft moves to a stronger authentication standard. Nine-year-old Linux flaw can hand root access to local attackers. And Proton drops the gloves over Canada's surveillance bill. This is Cybersecurity Today. I'm your host, Jim Love. GitHub has confirmed that approximately thirty-eight hundred internal repositories were accessed in a supply chain attack linked to the hacking group TeamPCP. According to GitHub, the breach began when an employee installed a malicious Visual Studio Code extension. The company has not identified the extension and hasn't disclosed what data was present on the compromised device. But GitHub says its current assessment is that the incident involved exfiltration of GitHub internal repositories only, and that TeamPCP's public claim of roughly four thousand repositories is directionally consistent with its own investigation.