GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a "poisoned VS Code extension" as the cause. The Microsoft-owned code shack continues to "analyze logs, validate secret rotation, and monitor for any follow-on activity." One GitHub post references "the attacker's current claims of ~3,800 repositories" as consistent with its investigation. This may refer to a post attributed to TeamPCP, the malware crew linked to the Shai-Hulud worm, the code for which has been published and caused widespread damage. In a post, the crew advertised GitHub's internal source code for sale, claiming around 4,000 repositories. They said it was not a ransom and if no buyer was found, they would leak the code for free. Claims like these should be treated with caution. A key concern for GitHub users is whether private repositories are at risk, either immediately or in the future if the attackers have gained a foothold into internal systems via stolen credentials. Risks include leakage of commercial code and credentials. Although best practice is not to check secrets into any repository, public or private, some organizations are less disciplined about this when repositories are private. Last month, Wiz Research discovered a remote code execution flaw in GitHub.com and GitHub Enterprise Server (the self-hosted version), which the researchers said was "remarkably easy to exploit." The vulnerability was discovered using AI. Developer reactions to GitHub's latest problems combine alarm and resignation – plus some humor. "How did the attackers find a large enough uptime window to get in?" quipped one. GitHub is in some difficulty. This compromise comes after a surge in npm attacks, many related to Shai-Hulud code, which the company has failed to prevent despite being aware of the issue since September 2025. Further, the platform has reliability issues caused in part by AI bots hoovering public code to feed large language models – problems that led HashiCorp co-founder Mitchell Hashimoto to declare GitHub "no longer a place for serious work." Another said that "the era where a developer machine with source code access also has access to meaningful security systems should be over. Internal repository access should mean nothing... GitHub compromise could happen at any time, even from GitHub themselves." Issues with cloud platforms also increase the appeal of self-hosted systems such as the open source
London’s Metropolitan Police – the UK’s largest police force – asked tech companies to give officers access to private communications data over 700,000 times in 2025 alone, according to figures obtained by The Register under the Freedom of Information Act. These statistics expose the monitoring of everyday platforms like takeaway delivery services, and also show a massive surge in the force's surveillance of the users of low cost MVNO LycaMobile. Additionally, our FoI exposed the acquisition of data from encrypted messaging services designed to offer privacy. Since 2024, the Met says that it has obtained communications data (CD) from Proton’s privacy-focused mail service users 139 times. CD is not messaging content, but metadata. In Proton’s case, this could include account payment details and, in some instances, IP addresses. Although Proton did not dispute these figures, a spokesperson told us: "Proton does not transmit data directly to any foreign law enforcement agencies," adding that it operates under a “strict legal framework” so all requests must go through the Swiss authorities. Requests for data that don’t meet Proton’s legal and human rights requirements are refused, which it has an "established practice" of doing, according to the spokesperson. The Met also claims that it has acquired data results from ProtonVPN, although the non-profit says this is "highly dubious and inconsistent with our technical reality [...] because Proton VPN does not log user activity, there is no data to provide," referring El Reg to its transparency report. “We engage with every request in good faith, but we simply cannot hand over what we do not collect,” Proton said. The Met’s data also suggests encrypted messenger Signal has provided data once since 2024. But this is also, apparently, contrary to records that the non-profit holds. A spokesperson told us: “Signal collects very little data about its users to begin with and publishes the requests we respond to at signal.org/bigbrother. We have not shared any user data in response to a legal request originating from the United Kingdom.” If data was shared by Signal it could only include phone numbers, when the account was created, and when the user last accessed the platform. When queried about the denials by both Proton and Signal, the police force said it couldn’t comment on the specifics of how it acquired the data. The Met Police says that all companies “have a legal obligation” to cooperate with officials thanks to the powers of the Office for Communications Data Authorizations (OCDA). The OCDA is now a part of the Investigatory Powers Commissioner’s Office (IPCO), which monitors the select public authorities, law enforcement agencies, and government departments with the power to acquire comms data. But there’s some fog around authorizations for the police, according to Dr Bernard Keenan, a law lecturer and surveillance researcher at University College London: “When it comes to communications data and metadata, it’s seen as a less severe intrusion than intercepting or accessing the content of a message, and so while the police need an authorization to get it, the decision is delegated to designated senior officers. So it’s something that the police can do operationally, more-or-less autonomously.” Sources compromised In 2024, the year of the most recent IPCO annual report, it was found that these authorizations to all law enforcement agencies affected lawyers 219 times and journalists on 157 occasions. This came with a caveat: “Most [CD] applications relating to sensitive professionals were submitted because the individual had been a victim of a crime.” While CD does not contain message content itself, there remains a risk that contacts such as a journalist’s sources could be disclosed. Also in the report is the revelation that in 2024, 106 warrant applications were issued to specifically identify journalists’ sources, and under these separate powers, the request could also include the communications content itself. There’s no requirement to inform sensitive professionals they have been targeted in this way, and while ordinary law enforcement agencies need to seek a judge’s approval, intelligence and security spies are exempt from this. Tim Dawson, freelance organizer at the National Union of Journalists - who also convenes the International Federation of Journalists’ working group on surveillance - said: “UK legislation lays down clear guardrails for law enforcement agencies obtaining communications data, and includes protections specifically for journalists.” But he continued: “The NUJ does not consider these are sufficiently robust. More disturbingly, however, it is clear that they are sometimes ignored – just look at the cases around the attempted prosecution of Barry McCaffrey and Trevor Birney.” These two journalists were unlawfully spied on by the Met and Police Service Northern Ireland to identify the source of allegedly stolen police documents used in a documentary about paramilitary killings during the Troubles. The police had claimed that information revealed in the film had breached the Official Secrets Act. McCaffrey and Birney used judicial review [PDF] to challenge the police action and the court ruled that the searches were unlawful. 'The digital border is expanding through policing' In 2025, the number of requests sent by the Met to MVNO LycaMobile increased by almost 500 percent year-on-year, rising from 15,702 to 93,527. This drastic spike was totally absent for other British network providers such as Vodafone, O2, Three, and Lebara. Considering LycaMobile’s focus on cheap overseas calling, and the likelihood of foreign nationals using its service, concerns have been raised that this data could be used for a crackdown on immigration. Fizza Qureshi, chief executive of Migrants’ Rights Network, a charity that researches the digital hostile environment, said: “A 500 percent surge in data requests from the Metropolitan Police to a network used largely by migrants and racialized people makes clear that the digital border is expanding through policing.” This checks out, considering the Home Office recently said immigration enforcement officers can now, under the Border Security, Asylum, and Immigration Act 2025, rifle through the mouths of undocumented migrants to search for hidden SIM-cards — as part of new powers granted to seize phones and gather digital intelligence. The new powers came into force last year in December, despite legal reviews finding procedural unfairness of such searches. In 2022, a High Court ruling found the Home Office’s controversial seizure and retention of over 2,000 migrants’ mobile phones was unlawful. “Migrants and racialized people are singled out for surveillance that would never be tolerated elsewhere,” according to Qureshi. “They are treated as acceptable subjects for intrusive monitoring, from phone records to delivery routes. This marks part of a wider trend of pre-emptive criminalization of migrants and racialized people and is an enormous infringement of our right to privacy.” While a Met spokesperson denied any indication that the increase was specifically related to immigration crime, they offered a pretty milquetoast example that an increase in requests to a specific mobile operator could have been due to its increased popularity. If this were the case, Lycamobile would have needed to have grown its users from an estimated 2 million to 10 million for the surge to be consistent. LycaMobile did not respond to The Register’s queries. Additionally, Counter Terrorism Policing (CTP) – a part of the Met – started a procurement process for software for a Communication Exploitation Data Tool last year. Some of the requirements listed on the procurement notice were to process data from Uber rides and deliveries to be used for “intelligence analysis.” At the time of publication, it read: It’s understood the requirements for the project have now changed. When asked for further details, including if a supplier has been found, a CTP spokesperson told The Register: “We previously confirmed a routine tender process to procure software, however further details on systems and their use will not be made publicly available.” This is not surprising given the operational secrecy around national security tech; or, in this case, takeaway delivery surveillance. Dr Keenan explained: “It’s what the government wants the police to be doing: bringing in these capacities to synthesize multiple different data points to use them effectively and to have these powerful surveillance technologies.” The Met Police requested data from ride and food delivery services Uber, Bolt, JustEat, Deliveroo, and Dominos Pizza a sum total of 768 times in 2025. Hundreds of delivery drivers were arrested last year in a spate of immigration enforcement operations, not long after gig economy firms pledged to use facial recognition checks and fraud detection tech to clamp down on illegal working. In response to all of the findings and questions posed by El Reg, a Met spokesperson said: “Every year the Met makes thousands of requests for communications data from a wide range of companies and telephone providers. The information provided helps our officers gather intelligence, solve crimes and find missing people.” ®
Microsoft seized websites and took down hundreds of virtual machines running a cybercrime service that allegedly sold code-signing certificates to ransomware gangs, thus making their malware look like legitimate software – and allowing criminals to infect thousands of machines in the US, including at least 12 owned and operated by the Windows giant. The malware signing-as-a-service operation called Fox Tempest has been around since May 2025, and abuses Microsoft’s Artifact Signing code-signing service. This service allows developers to digitally sign their software applications, signaling to the Windows operating system and end-user that the software is authentic, and hasn’t been tampered with. Since May 2025, the Fox Tempest crew – referred to as John Doe 1 and 2 in court documents unsealed on Tuesday – used fake identities and impersonated real organizations, allowing them to create more than 580 fraudulent Microsoft accounts. They then used these accounts to abuse Microsoft’s Artifact Signing service and obtain real code-signing credentials, then sold the code-signing certificates to other criminals for thousands of dollars. According to Microsoft, Fox Tempest’s customers included a ransomware group Redmond tracks as Vanilla Tempest (aka Vice Spider, Vice Society, Rhysida), which allegedly used the certificates to digitally sign malware and make it appear legitimate to Windows and users. This also allowed the ransomware slingers “to more easily deploy the malware onto the computers of unsuspecting victims without their consent,” according to the court documents [PDF]. Malware included Windows backdoor Oyster, infostealers Lumma and Vidar, and Rhysida ransomware. Vanilla Tempest “unlawfully accessed victims’ computers and devices, exfiltrated and stole the personal and confidential information of victims, deployed ransomware designed to encrypt victims’ files and systems, and extorted victims by demanding payment in exchange for restoring access to, or suppressing, their data,” the civil complaint continues, adding that the criminal activity remains ongoing. In a subsequent blog post, Microsoft Digital Crimes Unit attorney Steven Masada said the tech company's investigation “further linked Fox Tempest to various additional ransomware affiliates and families, including INC, Qilin, Akira, and others.” Between February and March, the Digital Crimes Unit (DCU), working with “a cooperating source,” anonymously bought and tested the code signing service from John Doe 2, aka SamCodeSign. “These test purchases allowed DCU investigators to observe first-hand how Fox Tempest Defendants operate the service, the information a purchaser is provided, and the instructions given by SamCodeSign to connect to the service and sign the test software created by Microsoft,” the court documents say. “Additionally, the test purchases allowed DCU to identify cryptocurrency wallets used by Fox Tempest Defendants.” During the first test purchase, the source filled out a Google Form asking them to select how quickly they needed the certificates. Standard costs $5,000, while priority runs $7,500 and expedited carries a hefty $9,500 price tag. SamCodeSign then sent a direct message to the source and requested the $7,500 payment to be sent to a bitcoin wallet, according to screenshots (translated from Russian) in the court documents. After the source paid up, SamCodeSign sent instructions on how to access the virtual machine and complete the code signing process. “Microsoft has identified thousands of customer machines, including more than a dozen machines owned and operated by Microsoft, in the United States that have been impacted by malware signed with certificates originating from the tenants created by Fox Tempest Defendants,” the complaint says. ®
The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named “Private-CISA” containing plain-text passwords, private keys, tokens, and secrets – with obvious file names like “external-secret-repo-creds.yaml” and “AWS-Workspace-Firefox-Passwords.csv” – for six months. GitGuardian researcher Guillaume Valadon, fresh off a recent talk on Kubernetes secret leaks, found the public repository on May 14, and told The Register that he “quickly understood that the leak was bad and that time was running out. A national agency having 844 MB of production infrastructure material in a public GitHub repository for six months is as serious as a secrets leak gets.” Valadon, who previously spent nine years at France’s CISA equivalent, ANSSI, told us the leak included tokens for CISA's internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates. GitGuardian reported the leaky repository to CISA on May 14, and the agency took it down a day later. A CISA spokesperson told The Register that it was aware of the report and is investigating. "Currently, there is no indication that any sensitive data was compromised as a result of this incident.” It’s not a good look for the nation’s infosec agency, which hasn’t had a permanent boss since Trump took office, is facing hundreds of millions of dollars in budgets cuts on top of deep cuts to staff and funding last year, and has suffered its share of embarrassing security snafus in the interim. In a Tuesday blog, Valadon said he initially thought the repo “was a hoax, given how suspicious the directory names (Backup-April-2026/, All Backups/, LZ-Artifactory/, Kubernetes-Important-Yaml-Files/, ENTRA ID - SAML Certificates/ ...), file names (external-secret-repo-creds.yaml, CAWS GitHub Token.txt, Important AWS Tokens.txt, AWS-Workspace-Firefox-Passwords.csv, Kube-Config.txt ...), and their contents (private keys, personal and professional GitHub tokens, AWS secrets, ...) seemed too good to be true,” Valadon wrote. It wasn’t a hoax – “The Cybersecurity and Infrastructure Security Agency is aware of the reported exposure and is continuing to investigate the situation,” but it was a “catalogue of unsafe practices,” he added, containing passwords stored in plain text, backups committed to Git, and an “explicit” how-to guide for disabling GitHub's secret scanning. After initially reporting the leak through the CERT/CC portal, and only receiving an auto-acknowledgement as of the morning of May 15 – a Friday – Valadon alerted security journalist Brian Krebs about the publicly exposed secrets, which seemed to speed up CISA’s processes. By 6 pm EST that night, the feds took down the repository. Valadon told The Reg he gives CISA credit for quickly deleting the repository. “Most of our responsible disclosures take much longer, and many are never fixed,” he said. “Managing to take the repository offline in a day is impressive work.” He doesn’t know if any other parties with less altruistic intentions found the secrets first, although the fact that the repository was never forked (based on public GitHub events) would seem to indicate that it wasn’t widely circulated on the dark web. “The only ones that can answer definitively is GitHub,” Valadon said. GitHub did not immediately respond to The Register’s inquiry. GitGuardian isn’t aware of any of the exposed credentials being abused by unauthorized individuals “Each category of secret in the repository unlocks a specific attack path,” Valadon said. “Stacked together, they cover the full range: from destructive attacks and ransomware extortion to quiet, long-term persistence inside CISA's build and deployment pipeline. That last scenario worried me the most, and it's why I escalated through every channel we had until the repository was taken offline.” Plus, the committer used both a CISA-issued contractor email and a personal Yahoo email across the same commits, and created the repository using a personal GitHub account. “That mixed-identity pattern is one of the hardest surfaces for security teams to cover, and it's where the worst leaks happen,” Valadon said.®
Updated: If you use Drupal, get ready to patch without delay. The org behind the popular open source content management system is warning of a highly critical vulnerability in Drupal core that is serious enough for it to tell users ahead of Wednesday’s patch release to set aside time to install the fix immediately. The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the PSA noting that Drupal isn’t willing to share additional information until the announcement is made alongside the patch release. That, says Drupal, will happen at some point between 1700 and 2100 UTC on Wednesday, May 20. To reiterate, this vulnerability is found in Drupal core, the bare-bones version of Drupal designed for developers, and not Drupal CMS, the preconfigured version for those who want Drupal but don’t have coding skills. Drupal noted that sites using Drupal Steward, its paid web application firewall service, are protected against known attack vectors, though it still recommends Steward customers update their core instances in case additional exploit methods emerge. “The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the advisory warns. Drupal also recommends users update to the latest supported release prior to Wednesday’s patch “so that you can address any other upgrade issues before the security window." While it won’t get specific on the nature of the vulnerability, Drupal did share its severity score based on NIST’s standard scoring methodology, and it’s not good: The bug scored 20 out of a max of 25 on that scale, as defined by Drupal’s own documentation. More specifically, it’s trivially easy to leverage, doesn’t require any privilege level to exploit, could make all non-public data on an affected site accessible to the attacker, and could allow an attacker to modify or delete whatever they wanted. The only two things preventing it from scoring a perfect 25/25 are the fact that a known exploit doesn’t exist yet and that it doesn’t affect all configurations, only those using “uncommon module configurations.” Drupal noted that security releases will be published on Wednesday for all currently supported core branches (11.3.x, 11.2.x, 10.6.x, and 10.5.x), as well as unsupported Drupal 11.1.x and 10.4.x branches for sites that have not yet upgraded from older 10.x and 11.x releases. Drupal users on 8.9 and 9.5 are also getting patches “given the potential severity of this issue,” though the advisory warns 8.9 and 9.5 users will need to install those updates manually, which “might introduce other bugs or regressions,” leading Drupal to recommend a full upgrade to a supported core branch. “Drupal 8 and 9 include numerous other, previously disclosed, security vulnerabilities that will not be addressed by either Drupal Steward or the best-effort patch files,” the advisory said. Drupal 7 users are safe. Given the fact that not all Drupal core environments will be affected, the advisory recommends all Drupal core users set aside time on Wednesday to determine whether they’re part of the vulnerable class, and take action immediately if so. ® Updated to add on May 20: The Drupal Security Team has been in contact to warn that, while Core is the primarily vulnerable product, Core's inclusion in Drupal CMS means those environments might be vulnerable too, so anyone running Drupal will need to be sure their site is secure. As for the patch itself, Drupal told us it can be installed in "minutes or maybe seconds depending on the site," which likely won't need to be taken offline in order to install the patch.In other words, you really ought to be sure this gets installed before you're caught being a straggler.