Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

GitHub Confirms Breach of 3,800 Repos via Malicious VSCode Extension

Summary by Malware Analysis, News and Indicators
Sergiu Gatlan reports: GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. “Yesterday we detected and contained a compromise of an employee device… Introduction to Malware Binary Triage (IMBT) Course Looking to level up your…
DisclaimerThis story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.

10 Articles

GIGAZINEGIGAZINE

GitHub's internal information was leaked, resulting in unauthorized access to approximately 3,800 repositories via a Visual Studio Code extension.

The news blog specialized in Japanese culture, odd news, gadgets and all other funny stuffs. Updated everyday.

Read Full Article
DEVCLASSDEVCLASS

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

Initial assessment says customer data spared while users wonder what else may have slipped out

Read Full Article
Génération-NTGénération-NT

GitHub Confirms a Massive Fault via a VS Code Extension

GitHub has officially confirmed a major internal security breach, resulting from unauthorized access to approximately 3,800 of its private depots. The origin of the attack is a voracious extension for Visual Studio Code (VS Code) installed on an employee's device. TeamPCP's cybercriminal group has claimed the operation and is now auctioning stolen data.

Read Full Article
Tenable®Tenable®

Mini Shai-Hulud Supply Chain Attack CVE-2026-45321 FAQ

A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know.Key takeawaysMini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud credentials across the npm and PyPI ecosystems.The campaign achieved a critical security first by compromising packages with valid SLSA Build Level 3 provenance attestations…

Read Full Article
TechGenyzTechGenyz

GitHub Breach: Severe VS Code Supply Chain Attack

A severe GitHub breach has been confirmed, involving unauthorized access to thousands of internal repositories due to a single compromised workflow. As the reports go, the compromise began after a GitHub employee’s device was infected through a malicious Visual Studio Code extension installed on that machine, letting the attackers reach sensitive internal systems. The incident […]

Read Full Article
Help Net SecurityHelp Net Security

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign extension was used to steal secrets and developer credentials, which were then used to move through CI/CD pipelines and exfiltrate around 3,800 of GitHub’s private code repositories. One missed token,…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • There is no tracked Bias information for the sources covering this story.

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

SOFX broke the news on Thursday, May 21, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Cyberattacks icon

Cyberattacks

OpenAI icon

OpenAI

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal