GitHub repositories compromised, Webworm targets Europe, fake Outlook & cybercriminal VPN [326]
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. https://community.limacharlie.com/
Originally recorded: Friday May 22, 2026
- GitHub has confirmed that roughly 3,800 internal repositories were accessed in a supply chain compromise tied to the hacking group TeamPCP. https://www.securityweek.com/github-confirms-hack-impacting-3800-internal-repositories/
- China-aligned threat actor Webworm has shifted its targeting focus from Asia to Europe, according to new research published by ESET. https://www.darkreading.com/endpoint-security/chinas-webworm-discord-microsoft-graphs
- Researchers uncovered a previously undocumented Microsoft 365 account takeover panel that integrates directly with Evilginx Pro infrastructure to streamline token theft and post-compromise operations. https://newtonpaul.com/blog/evilginx-m365-aitm-panel-research/
- European and North American law enforcement agencies announced the dismantling of “First VPN,” a VPN service allegedly built to support cybercriminal activity including ransomware operations, data theft, scanning, and denial-of-service attacks. https://thehackernews.com/2026/05/first-vpn-dismantled-in-global-takedown.html
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at https://limacharlie.io/