Risky Business #839 -- TeamPCP stole GitHub's internal repos

Risky Business #839 -- TeamPCP stole GitHub's internal repos

From Risky Business by Risky Business Media

May 27, 2026 · 1h 0m

About this episode

The episode discusses the breach of GitHub's internal repositories by TeamPCP and various cybersecurity news topics.

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: TeamPCP breached GitHub’s internal repos. Now what? Some absolute plonker glued Coruna to a hijacked npm package CISA is worried about about open source and wants third party submissions for KEV AI infrastructure is “systemically” insecure Much, much more This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun! This episode is also available on YouTube

People in this episode

Hosts: Patrick Gray, Adam Boileau, James Wilson

Guests: David Cottingham, Daniel Schell

Topics covered

  • cybersecurity news
  • GitHub breach
  • open source security
  • npm package hijacking
  • AI infrastructure security

Keywords

  • TeamPCP
  • GitHub
  • CISA
  • open source
  • npm package
  • Airlock Digital
  • cybersecurity
  • AI infrastructure

Sponsors

Airlock Digital

Mentioned in this episode

Organizations: TeamPCP, GitHub, CISA, Microsoft, DigitCert

More episodes of Risky Business

Explore listener stats, chart rankings, contacts and more on the Risky Business podcast page.