A poisoned VS Code extension gave hackers access to thousands of GitHub's internal source code repositories.
GitHub has confirmed that approximately 3,800 of its internal repositories were stolen after an employee unknowingly installed a malicious Visual Studio Code extension. The threat actor, identified as TeamPCP, used the poisoned coding tool as an entry point to access GitHub's private source code. The incident highlights the growing risk of supply chain attacks targeting developer tools and environments. By compromising a trusted extension in a widely used code editor, attackers bypassed traditional security perimeters and gained direct access to sensitive internal assets. GitHub has acknowledged the breach and is investigating the full scope of the damage. The attack underscores the importance of vetting third-party developer tools, even those sourced from established marketplaces. This type of software supply chain vulnerability has become an increasingly common vector for sophisticated cyberattacks targeting major technology companies and their internal infrastructure.
— Sponsored —
Trade smarter on BYDFI
Deposit $20,000 and claim a $2,000 bonus — up to 200x leverage, 600+ perpetuals, deep liquidity.