Bleepingcomputer
GitHub Breach: 3,800 Internal Repositories Compromised via Malicious VS Code Extension
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On May 20, 2026, GitHub confirmed a significant security breach involving a poisoned Visual Studio Code (VS Code) extension that compromised an employee's device. The attack, attributed to the TeamPCP hacking group, resulted in the exfiltration of approximately 3,800 internal repositories. GitHub's initial assessment indicated that the breach did not affect customer data stored outside its internal systems. The malicious extension was promptly removed, and GitHub initiated an incident response, including credential rotation. TeamPCP is reportedly offering the stolen data for sale on cybercrime forums, demanding at least $50,000. The breach highlights vulnerabilities in developer tools and the potential for significant impacts on software supply chains. GitHub is continuing to monitor for any follow-on activity as the investigation progresses.
Key Points: • GitHub confirmed the breach of approximately 3,800 internal repositories via a malicious VS Code extension. • The TeamPCP hacking group claimed responsibility and is attempting to sell the stolen data for over $50,000. • GitHub's response included immediate isolation of the affected device and rotation of critical credentials.