GitHub breach tied to poisoned VS Code extension hits thousands of internal repos

TL;DR Summary
GitHub confirmed that a poisoned Visual Studio Code extension installed on an employee’s device led to the exfiltration of roughly 3,800 internal repositories. The malicious extension was removed from the VS Code Marketplace, the endpoint was isolated, and incident response has begun. Current assessment indicates only GitHub’s internal repositories were affected and there is no evidence that customer data outside the affected repos was compromised. The TeamPCP group has claimed access to about 4,000 repos on a cybercrime forum, though attribution remains unsettled. This follows a history of trojanized VS Code extensions used to steal code and credentials.
- GitHub confirms breach of 3,800 repos via malicious VSCode extension (BleepingComputer)
- GitHub Breached via VS Code Extension | Developer Supply Chain Attack 2026 (Aikido Security)
- Compromised coding tool helped hackers breach thousands of GitHub repositories (Cybersecurity Dive)
- Nx Console VS Code Extension Compromised (StepSecurity)
- GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos (The Hacker News)