Breaking news

GitHub Breach Underscores Risks In Developer Ecosystem

GitHub, the widely-used developer platform under Microsoft, has confirmed a security breach that exposed data from approximately 3,800 internal code repositories. The company quickly assured that there was no evidence of customer data compromise beyond its internal systems, while investigations are actively ongoing.

Incident Overview And Immediate Response

According to GitHub’s posts on X, the attack stemmed from a compromise of an employee device, which was exploited via a polluted Visual Studio Code extension. This particular extension, used extensively by developers, was poisoned to facilitate unauthorized access. Currently, GitHub has refrained from naming the affected extension, emphasizing its containment and ongoing scrutiny.

The Tactics Behind The Attack

Cybercriminal groups are increasingly targeting popular open-source projects, including widely adopted coding extensions, to achieve scale. By compromising a trusted extension, hackers can simultaneously penetrate thousands of systems, dramatically amplifying the impact. This method leverages the inherent trust placed in the tools that empower modern software development.

Attribution And Related Threats

Reports from The Record and Bleeping Computer indicate that the hacking collective, TeamPCP, has claimed responsibility for this breach. Notably, TeamPCP has a history of high-profile actions, including the data breach at the European Commission, where over 90 gigabytes of data were compromised. Similar tactics were observed in a separate incident involving OpenAI and Tanstack, underscoring a broader trend within the cyber threat landscape.

Implications For The Future Of Cybersecurity

The GitHub breach serves as a potent reminder of the vulnerabilities within the open-source ecosystem. As organizations and developers increase reliance on interconnected tools and platforms, the need for rigorous security protocols and vigilant monitoring becomes all the more critical. This incident reinforces the importance of proactive defensive measures and continuous evaluation of third-party components in maintaining robust cybersecurity postures.

Keve Welcomes New Cyprus Business Development Organisation

The Cyprus Chamber of Commerce and Industry (Keve) has welcomed Parliament’s unanimous approval of legislation establishing the Cyprus Business Development Organisation, describing it as a major step toward improving access to finance for small and medium-sized enterprises, startups and self-employed professionals.

Expanding Access To Finance

The legislation creates a new public body aimed at addressing financing gaps by supporting businesses that struggle to secure funding through traditional channels.

According to Keve, the initiative could strengthen entrepreneurship, boost competitiveness and support Cyprus’ green and digital transition. The chamber has long argued that SMEs rely too heavily on bank financing, limiting investment, expansion and innovation.

Keve Calls For Swift Implementation

Keve said it helped shape the legislation through the consultation process and called for the organisation to become operational as quickly as possible. It also pledged to continue working with the Finance Ministry and the organisation’s management to support implementation.

How The Organisation Will Operate

Approved by Parliament on Tuesday, the legislation establishes Cyprus’ national business development body under the supervision of the Finance Minister, while the Central Bank of Cyprus will oversee anti-money laundering compliance.

The organisation will design financing programmes, provide loans and conduct studies to identify weaknesses in the financing market.

Cyprus will provide €60 million in initial capital. Over time, the body will also be able to raise funding from European and international institutions and benefit from state guarantees linked to approved strategic priorities.

Recovery Plan Milestone

Creation of the organisation is one of the final milestones under Cyprus’ Recovery and Resilience Plan and is required for the country to receive the plan’s ninth and final payment. Appointment of the board of directors remains the last outstanding step.

Before approving the bill, the Finance Ministry revised the draft following consultations with MPs and stakeholders. The changes removed provisions allowing the organisation to establish companies and narrowed the list of eligible beneficiaries by excluding small mid-cap companies.

Lawmakers also strengthened governance rules by introducing stricter board suitability requirements, conflict-of-interest safeguards, enhanced reporting obligations and borrowing limits. A seven-member board appointed by the Cabinet will oversee the organisation, while a transitional board will serve for two years until it becomes fully operational.

Uol
Aretilaw firm
The Future Forbes Realty Global Properties
eCredo

Become a Speaker

Become a Speaker

Become a Partner

Subscribe for our weekly newsletter