GitHub internal repositories exfiltrated via malicious VS Code extension

Source:The Register

02 — Who / Subject

GitHub, TeamPCP (suspected)

03 — Where / Locus

Global

04 — When / Temporality

May 20, 2026

Verified: May 20, 2026

05 — Why / Core Summary

"GitHub reports exfiltration of approximately 3,800 internal repositories. The breach was caused by a poisoned Visual Studio Code extension. GitHub is currently rotating credentials and monitoring for follow-on activity."

Conflict Analysis

A significant security incinformationnt affecting a major DevOps platform. The involvement of a poisoned VS Code extension highlights supply chain risks.

Recommended Background Resource

Affiliate / AdAI Curation

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Author: Mark Dowd, John McDonald, and Justin Schuh

This book provides a deep dive into the mechanics of software vulnerabilities and the supply chain risks inherent in modern development environments, which is essential for understanding how malicious extensions can compromise secure systems.

Explore Background Book (Amazon)

As an Amazon Associate, COMPAMIR earns from qualifying purchases.

Post