GitHub Confirms Breach — Thousands of Internal Repositories Hit After Employee Installs Malicious VS Code Extension
GitHub said the attack exposed about 3,800 internal repositories and prompted a rotation of compromised secrets after a poisoned extension spread through auto-updates.
- On Wednesday, GitHub confirmed that a cyberattack compromised an employee's device, exposing internal repositories after the employee downloaded a poisoned version of the Console Microsoft Visual Studio Code extension.
- Threat actors known as TeamPCP are selling an archive of roughly 4,000 repositories for $50,000, continuing their Shai-Hulud and Mini Shai-Hulud campaigns.
- The malicious VSCode extension, which was live on Visual Studio Marketplace for only 18 minutes, allowed attackers to harvest sensitive data from AWS and Anthropic configurations.
- Alexis Wales, Chief Information Security Officer of GitHub, stated, "We have no evidence of impact," regarding customer information stored outside GitHub-internal repositories, noting the company has rotated critical secrets.
- This incident follows the TanStack supply chain attack, which impacted OpenAI, Mistral, and Grafana Labs; Jeff Cross, co-founder of Narwhal Technologies, noted the need for "fundamental changes in securing developer tooling."
20 Articles
Hackers breach GitHub and access 3,800 internal repositories now listed for sale
GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The attackers, a group calling itself TeamPCP, claim the number is closer to 4,000 and are actively attempting to sell the stolen data.
GitHub Investigates Internal Code Theft by TeamPCP Hacker Group
Key Takeaways: The hack was carried out by TeamPCP, a notorious group famous for launching massive supply chain attacks since 2026. The attackers gained access by using a malicious VS Code extension installed on an employee’s device. TeamPCP is currently selling the stolen data on dark web forums for a starting price of $50,000, threatening to leak it for free if it doesn’t sell. GitHub has officially confirmed that it is…
GitHub employee device breach exposes thousands of internal repositories
GitHub has revealed a significant internal security breach after attackers gained access to nearly 3,800 private repositories through a compromised employee device. The incident was traced back to a malicious extension installed within Visual Studio Code, highlighting growing concerns around software development environments and third-party tools. The security issue surfaced earlier this week when GitHub identified suspicious activity on an empl…
On May 20, 2026, GitHub confirmed the compromise of internal repositories after an employee installed a malicious Microsoft Visual Studio Code extension. Nearly 3,800 internal repositories were exfiltrated by the TeamPCP group, which put the source code up for sale for $50,000 on a cybercriminal forum. No impact [...] The post "Anatomy of the GitHub attack: a malicious VS Code extension opens access to 3,800 repositories" appeared first on IT SOCIAL.
Coverage Details
Bias Distribution
- 67% of the sources are Center