For a few months, TeamPCP has been ruling the world of open-source supply chain attacks. Since the first Trivy attack in February 2026, the threat actor group has been chaining new compromises, mainly by reusing previously leaked credentials.

This cascading effect was best illustrated by the TanStack campaign. The original compromise affected Mistral AI, Grafana, and a developer of the Nx Console VS Code extension. Later on, exfiltrated credentials allowed the compromise of the Nx Console extension itself, which, in turn, impacted GitHub.

Those attack chains clearly demonstrate that remediation is key to limiting the blast radius and spread of a compromise. What we’ve observed is that attackers now exploit leaked secrets faster than defenders can rotate them.

Mistral AI, Grafana, and GitHub all confirmed that the threat actors gained access to multiple private code repositories. This raises real security concerns both for those companies and the users of their services.

The Private Code Secrets Problem

One point that GitGuardian has observed and reported in multiple releases of the State of Secrets Sprawl report is the concentration of credentials in private repositories.

According to this year’s report, private repositories contain 6 times as many credentials as public ones.

32.2% of private repositories contain at least one secret

The risk here is that the breached private repositories contain secrets that could be used to amplify this supply-chain attack. Depending on the scope of those secrets, threat actors could poison additional services or software, which, considering the prevalence of GitHub and Grafana across corporate environments, could have a serious downstream impact.

The Risk Of 0-day Exploitation

Another often-overlooked consequence of a private code leak is the risk of vulnerability discovery and exploitation. Unlike open-source code, private code doesn't benefit from continuous external scrutiny: no bug bounty hunters, no external researchers diffing commits. Vulnerabilities may be just as prevalent, but they're far less likely to have been found already.

With access to this confidential codebase, threat actors gain valuable insights into the internal operations of sensitive services and software, giving them an unfair advantage when searching for and exploiting vulnerabilities. While discovering and weaponizing 0-day vulnerabilities in a large codebase requires specific skills and knowledge, recent improvements in frontier AI models have lowered the barrier to entry.

The risk of observing 0-day exploitation of GitHub, Grafana, or other victims’ software in the future is real.

Sample of the 4,000 compromised code repositories

The TeamPCP threat actor has released a sample of code from the GitHub breach. Although the sample contains only two files, their analysis already provides valuable insights into GitHub's service architecture, which clearly illustrates the risk.

Unknown Threats Ahead

It’s hard to tell if threat actors will take the time and effort to properly analyze and exploit the private code breached in this supply chain attack, but the risk is real. If you use Grafana, GitHub, or Mistral, you should keep that in mind.

The good news is that any future exploitation will take time, which gives us a window of opportunity to harden our environments:

  • If you host private code on GitHub, make sure to scan it for secrets and remediate what you find. Your code might still leak in a GitHub attack, but your secrets will not leak with it. CI/CD secrets can’t easily be removed, but proper observability and good privilege hygiene will make remediation easier.
  • If you use software from Mistral or Grafana, now is the right time to think about system hardening. Least privilege, containerization, and network isolation are evergreen best practices that will help keep you safe in the event of a future breach.
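To make the first recommendation concrete, here is a minimal secret scanner for private repositories. It is an added example written for this post, not GitGuardian's tooling, and it runs over constructed in-memory file contents rather than a real checkout. It combines two detectors: format-specific regexes for well-known credential shapes (AWS access key IDs and classic GitHub personal access tokens) and a Shannon-entropy check on quoted values assigned to credential-looking keys, which catches generic API keys the regexes would miss while ignoring placeholders such as "changeme". The entropy threshold is an assumption chosen for short tokens; tune it against your own false-positive rate.

```python
"""Minimal secret scanner for private code (added example, not GitGuardian's product)."""
import math
import re
from dataclasses import dataclass

# Well-known token formats: AWS access key IDs and classic GitHub PATs.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# key = "value" or key: 'value', where the key name hints at a credential.
ASSIGNMENT = re.compile(
    r"(?i)\b(?P<key>[A-Z0-9_]*(?:secret|password|passwd|token|api_key|apikey)[A-Z0-9_]*)\b"
    r"\s*[:=]\s*[\"'](?P<value>[^\"']{8,})[\"']"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumption, tune for your code base


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    detector: str
    redacted: str  # never store or print the full secret in a report


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def redact(value: str) -> str:
    """Keep a short prefix so a finding can be located without re-leaking the secret."""
    return value[:4] + "..." + "*" * 4


def scan_text(path: str, text: str) -> list:
    """Scan one file's contents line by line and return a list of Finding objects."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(path, line_no, name, redact(match.group(0))))
        for match in ASSIGNMENT.finditer(line):
            value = match.group("value")
            # Avoid double-reporting a value already caught by a format-specific detector.
            if any(p.fullmatch(value) for p in PATTERNS.values()):
                continue
            # Low-entropy values are almost always placeholders, not live credentials.
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, line_no, "high_entropy_assignment", redact(value)))
    return findings


def scan_repo(files: dict) -> list:
    """Scan a mapping of {path: contents}, as a repository walker would produce."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed sample files; none of these values is a real credential.
SAMPLE_FILES = {
    "config/settings.py": (
        'DATABASE_PASSWORD = "changeme"\n'                  # placeholder, low entropy
        'STRIPE_API_KEY = "Zx9Qw2Lp7Vr4Ks1Mn6Tb3Yh8"\n'      # constructed high-entropy key
    ),
    ".github/workflows/deploy.yml": (
        "env:\n"
        "  AWS_ACCESS_KEY_ID: AKIAEXAMPLEEXAMPLE00\n"       # constructed, matches AWS shape
        '  GITHUB_TOKEN: "ghp_0123456789abcdefghijklmnopqrstuvwxyz"\n'  # constructed PAT
    ),
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} [{f.detector}] {f.redacted}")
```

Running it on the constructed files reports the AWS key, the GitHub token, and the high-entropy Stripe-style key, and deliberately stays quiet on the "changeme" placeholder. In a real deployment the same functions would be fed by a walk of the working tree and of git history, since a secret removed in a later commit is still recoverable from earlier ones.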

In both cases, planting honeytokens in your sensitive environments is a good way to get early disaster alarms.
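The honeytoken idea works because a planted decoy credential grants nothing and is never used by any legitimate process, so any authentication attempt with it is a high-confidence signal that the place it was planted in has been read. The following detector is an added example, not GitGuardian's honeytoken product: it keeps a registry of planted decoys (constructed key IDs, not real AWS keys) together with where each one was planted, then scans constructed, simplified CloudTrail-shaped audit events to raise an alert naming the leaked asset and the source IP, which is exactly the "early alarm" a responder needs.

```python
"""Honeytoken alerting over audit events (added example, not GitGuardian's product)."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Honeytoken:
    key_id: str      # decoy identifier as it will appear in audit logs
    planted_in: str  # where it was planted, so the alert names the breached asset
    owner: str       # who gets paged


@dataclass(frozen=True)
class Alert:
    key_id: str
    planted_in: str
    owner: str
    source_ip: str
    event_name: str
    event_time: str


# Registry of planted decoys. Constructed values; none of these is a real AWS key.
HONEYTOKENS = {
    "AKIAHONEYPRIVREPO001": Honeytoken(
        "AKIAHONEYPRIVREPO001", "git: internal/billing-service .env", "platform-team"),
    "AKIAHONEYCIVAULT0002": Honeytoken(
        "AKIAHONEYCIVAULT0002", "CI variable: deploy pipeline", "secops"),
}


def detect_honeytoken_use(log_text: str, registry: dict) -> tuple:
    """Return (alerts, unparseable_line_count) for newline-delimited JSON audit events.

    Each event is expected to carry userIdentity.accessKeyId, sourceIPAddress,
    eventName and eventTime, a simplified CloudTrail-like shape (assumption).
    """
    alerts, bad_lines = [], 0
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            bad_lines += 1  # count, but never let a malformed line stop the sweep
            continue
        key_id = (event.get("userIdentity") or {}).get("accessKeyId")
        token = registry.get(key_id)
        if token is None:
            continue  # a real key: not our concern here
        alerts.append(Alert(
            token.key_id, token.planted_in, token.owner,
            event.get("sourceIPAddress", "?"),
            event.get("eventName", "?"),
            event.get("eventTime", "?"),
        ))
    return alerts, bad_lines


def summarize(alerts: list) -> dict:
    """Group alerts by planted location so the responder sees which asset leaked."""
    by_location = {}
    for a in alerts:
        by_location.setdefault(a.planted_in, set()).add(a.source_ip)
    return by_location


# Constructed audit log: one legitimate call, two uses of a planted decoy, one bad line.
SAMPLE_AUDIT_LOG = "\n".join([
    json.dumps({"eventTime": "2026-04-02T09:14:03Z", "eventName": "ListBuckets",
                "userIdentity": {"accessKeyId": "AKIAREALDEPLOYKEY001"},
                "sourceIPAddress": "10.20.0.5"}),
    json.dumps({"eventTime": "2026-04-02T11:02:41Z", "eventName": "GetCallerIdentity",
                "userIdentity": {"accessKeyId": "AKIAHONEYPRIVREPO001"},
                "sourceIPAddress": "203.0.113.7"}),
    "this line is not JSON",
    json.dumps({"eventTime": "2026-04-02T11:02:45Z", "eventName": "ListBuckets",
                "userIdentity": {"accessKeyId": "AKIAHONEYPRIVREPO001"},
                "sourceIPAddress": "203.0.113.7"}),
])

if __name__ == "__main__":
    found, skipped = detect_honeytoken_use(SAMPLE_AUDIT_LOG, HONEYTOKENS)
    for a in found:
        print(f"ALERT page {a.owner}: decoy from '{a.planted_in}' used for "
              f"{a.event_name} from {a.source_ip} at {a.event_time}")
    print(f"{skipped} unparseable line(s) skipped")
```

On the constructed log the detector raises two alerts, both pointing at the billing-service .env file and the same source address, while the legitimate deploy key produces nothing. That grouping is the useful part: it tells you which repository or pipeline to treat as breached before any real credential from it is abused.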