GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension
GitHub has confirmed a cyberattack that resulted in the theft of sensitive internal repositories. The breach occurred when an employee's device was compromised through a malicious VSCode extension. The attackers, known as TeamPCP, are reportedly selling an archive of around 4,000 repositories on the dark web.
- ▪GitHub confirmed that an employee's device was compromised due to a poisoned VSCode extension.
- ▪The attackers, TeamPCP, are offering an archive of approximately 4,000 repositories for sale on the dark web for $50,000.
- ▪GitHub has taken steps to mitigate the breach by rotating critical secrets and monitoring for further activity.
Opening excerpt (first ~120 words) tap to expand
Pro Security GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension News By Sead Fadilpašić published 21 May 2026 TeamPCP continues its attack on open source projects When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Gil C / Shutterstock) Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extensionThreat actors TeamPCP are selling an archive of roughly 4,000 repos on the dark web, asking $50,000 with…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechRadar.
Discussion
0 commentsMore from TechRadar
