SOC Incident Toolkit
Back to Campaigns
TeamPCP Takes Action Against GitHub

TeamPCP Takes Action Against GitHub

TeamPCPUNC6780VS Code extension

TeamPCP compromised a GitHub employee device via a poisoned VS Code extension, exfiltrating approximately 3,800 internal repositories containing GitHub's core platform source code, billing logic, enterprise authentication systems, and security tooling internals. GitHub confirmed the breach on May 19-20, 2026, and has rotated critical secrets. No customer repository impact has been confirmed as of the report date.

Indicators of Compromise

Domains (2)

t.m-kosche.comcheck.git-service.com

Hashes (3)

c0b094e46842260936d4b97ce63e4539b99a3eae48b736798c700217c52569dc069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce3de04fe2a76262743ed089efa7115f4508619838e77d60b9a1aab8b20d2cc8bf

IPv4 (2)

185.95.159.32160.119.64.3

APT Groups

TeamPcp

Notes

<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><span style="font-family: Inter, sans-serif;"><b>CONCLUSION</b></span><br><br>TeamPCP's attack against GitHub marks a significant escalation in the group's 2026 supply chain campaign. What began as a series of targeted package ecosystem compromises — Trivy, Checkmarx, LiteLLM, OpenAI, Mistral AI — has culminated in the breach of one of the world's most critical developer infrastructure platforms, used by over 180 million developers and 90% of Fortune 100 companies.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The attack vector is deceptively simple: a single poisoned VS Code extension on one employee device was sufficient to exfiltrate approximately 3,800 internal repositories containing GitHub's core platform source code, billing logic, enterprise authentication systems, and the very secret scanning engine designed to protect developers. No zero-day exploit was required. No sophisticated network intrusion. Just a trusted developer tool turned against the platform that hosts the world's software supply chain.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Three conclusions define the long-term significance of this incident:</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Internal source code exposure has a long tail.</strong> The exfiltrated repositories give adversaries a permanent blueprint of GitHub's platform. Undisclosed vulnerabilities, authentication bypass research, and secret scanning evasion techniques can be developed privately over months using this material — long after GitHub's immediate incident response is complete.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Developer tooling is the new perimeter.</strong> TeamPCP has demonstrated that the most effective path into critical infrastructure is not through firewalls or network intrusions — it is through the tools developers trust unconditionally every day. VS Code extensions, PyPI packages, and CI/CD integrations are installed and executed with minimal verification. Until the trust model for developer tooling is fundamentally reassessed, this attack surface will remain wide open.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>TeamPCP's stated 'retirement' should not be taken at face value.</strong> The group's messaging — "it's been an honor to play around with the cats" — is consistent with a high-profile exit operation designed to maximize reputational impact and sale value. Actors of this sophistication and operational tempo do not simply disappear. The intelligence gathered from GitHub's internal codebase will continue to generate value for whoever acquires it, long after TeamPCP moves on.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The investigation remains active. Security teams should treat this campaign as ongoing, monitor GitHub's official communications closely, and prioritize the mitigation actions outlined in this report — particularly VS Code extension auditing, GitHub credential rotation, and supply chain dependency pinning. The organizations that stand down prematurely will be the ones most exposed to the next wave.</p>

Mitigation

<span id="docs-internal-guid-9103a028-7fff-49d1-1a72-af0528a90f9e"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(192, 57, 43); background-color: transparent; font-weight: 700; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Mitigation </span></span><br><span id="docs-internal-guid-7688f5d1-7fff-110d-7b6c-e9a81c36951a"><div style="margin-left:0pt;" align="left"><table style="border:none;border-collapse:collapse;"><colgroup><col><col><col></colgroup><thead><tr style="height:0pt;"><th style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#1c2533;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Priority</span></p></th><th style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#1c2533;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Action</span></p></th><th style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#1c2533;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Deadline</span></p></th></tr></thead><tbody><tr style="height:0pt;"><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">CRITICAL</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Remove malicious durabletask versions (1.4.1, 1.4.2, 1.4.3) from all Python environments. Run: pip show durabletask</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Immediate</span></p></td></tr><tr style="height:0pt;"><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">CRITICAL</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Block check.git-service[.]com at DNS and perimeter firewall -- confirmed TeamPCP C2</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Immediate</span></p></td></tr><tr style="height:0pt;"><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">CRITICAL</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Audit all VS Code extensions across developer fleet -- remove any not on approved allowlist</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Immediate</span></p></td></tr><tr style="height:0pt;"><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">CRITICAL</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Rotate all GitHub PATs, GitHub Actions secrets, and OAuth tokens -- treat pre-May 20 tokens as potentially compromised</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Immediate</span></p></td></tr><tr style="height:0pt;"><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">HIGH</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Block VS Code (Code.exe) from outbound connections to non-Microsoft/GitHub domains at endpoint firewall</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">24 hours</span></p></td></tr><tr style="height:0pt;"><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">HIGH</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Deploy Sigma rule: alert on Code.exe connecting to unknown external domains</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">24 hours</span></p></td></tr><tr style="height:0pt;"><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">HIGH</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Deploy Sigma rule: alert on durabletask malicious version installation (CRITICAL alert, no false positives)</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">24 hours</span></p></td></tr><tr style="height:0pt;"><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">HIGH</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Implement VS Code extension allowlisting via settings.json extensions.allowedExtensionIDs</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">24 hours</span></p></td></tr><tr style="height:0pt;"><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">HIGH</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Pin all dependency versions in requirements.txt / package.json -- prevent silent upgrade to malicious versions</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">48 hours</span></p></td></tr><tr style="height:0pt;"><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">MEDIUM</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Migrate GitHub Actions secrets to OIDC-based cloud auth -- eliminates long-lived secrets stored in GitHub</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">1 week</span></p></td></tr><tr style="height:0pt;"><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">MEDIUM</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Enable required reviewers for workflow files (.github/workflows/) -- prevents unauthorized CI/CD pipeline changes</span></p></td><td style="border-width: 0.5pt; border-style: solid; border-color: rgb(189, 195, 199); vertical-align: top; padding: 3.5pt 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">1 week</span></p></td></tr><tr style="height:0pt;"><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">MEDIUM</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">Add additional secret scanning tools (truffleHog, Gitleaks, GitGuardian) beyond GitHub built-in -- TeamPCP now knows GitHub's detection patterns</span></p></td><td style="border-left:solid #bdc3c7 0.5pt;border-right:solid #bdc3c7 0.5pt;border-bottom:solid #bdc3c7 0.5pt;border-top:solid #bdc3c7 0.5pt;vertical-align:top;background-color:#f4f6f7;padding:3.5pt 5pt 3.5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 8.5pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant: normal; vertical-align: baseline; white-space: pre-wrap;">1 week</span></p></td></tr></tbody></table></div></span>