GitHub says internal repos exfiltrated after poisoned VS Code extension attack
GitHub has reported that internal repositories were exfiltrated due to a malicious Visual Studio Code extension. The company is currently analyzing logs and monitoring for further activity while assuring that customer data remains safe. Concerns have been raised about the potential risk to private repositories and the implications of the attack on the platform's security.
- GitHub fell victim to a poisoned VS Code extension that led to the exfiltration of internal repositories.
- The attackers, linked to the TeamPCP malware crew, claimed to have access to around 4,000 repositories and threatened to leak the code if it was not sold.
- There are concerns regarding the security of private repositories and the potential leakage of sensitive commercial code.
Initial assessment says customer data spared while users wonder what else may have slipped out
Tim Anderson, published Wed 20 May 2026 // 11:27 UTC
GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at theregister.