
Risky Business #839 -- TeamPCP stole GitHub's internal repos
From Risky Business by Risky Business Media
May 27, 2026 · 1h 0m
About this episode
The episode discusses the breach of GitHub's internal repositories by TeamPCP and various cybersecurity news topics.
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: TeamPCP breached GitHub’s internal repos. Now what? Some absolute plonker glued Coruna to a hijacked npm package CISA is worried about about open source and wants third party submissions for KEV AI infrastructure is “systemically” insecure Much, much more This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun! This episode is also available on YouTube
People in this episode
Hosts: Patrick Gray, Adam Boileau, James Wilson
Guests: David Cottingham, Daniel Schell
Topics covered
- cybersecurity news
- GitHub breach
- open source security
- npm package hijacking
- AI infrastructure security
Keywords
- TeamPCP
- GitHub
- CISA
- open source
- npm package
- Airlock Digital
- cybersecurity
- AI infrastructure
Sponsors
Airlock Digital
Mentioned in this episode
Organizations: TeamPCP, GitHub, CISA, Microsoft, DigitCert
More episodes of Risky Business
- Risky Business #841 -- Microsoft gets owned and 0day'd · June 10, 2026 · 1h 3m
- Soap Box: Detection and response in the AI age · June 5, 2026 · 37 min
- Risky Business #840 -- Microsoft walks back researcher threats · June 3, 2026 · 1h 6m
- Risky Business #838 -- GitHub investigates possible breach · May 20, 2026 · 1h 3m
- Soap Box: Where does AI fit into cloud security? · May 15, 2026 · 34 min
- Risky Business #837 -- GitHub Actions footgun claims TanStack · May 13, 2026 · 1h 5m
Explore listener stats, chart rankings, contacts and more on the Risky Business podcast page.