A malicious VS Code extension just breached GitHub’s internal repositories
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K.

There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breached through a trojanized plugin for a code editor. But that is exactly what happened, and the company confirmed it over the weekend.
An employee installed a malicious VS Code extension from the official marketplace. That single action was enough to compromise their device and give an attacker access to roughly 3,800 internal GitHub repositories. The company detected the intrusion, isolated the endpoint, pulled the malicious extension from the marketplace, and started incident response. But the data was already gone.
