GitHub is the epicenter of this week’s threat activity. TeamPCP exploited three GitHub Actions architectural weaknesses to compromise CI/CD pipelines across hundreds of repositories without stolen credentials, then breached GitHub itself via a malicious VS Code extension, exfiltrating approximately 3,800 internal repositories including source for Actions, Copilot, CodeQL, and Dependabot. The Shai-Hulud 2.0 worm further extends the attack surface by compromising npm pre-install hooks across tens of thousands of GitHub repositories.