GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Opinion
Morning Overview on MSNOpinion
Hackers just walked off with 3,800 of GitHub’s internal code repositories — smuggled out by a single poisoned plugin a GitHub developer trusted
Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin in Microsoft’s marketplace. It wasn’t. That single installation gave ...
The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.
A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a poisoned VS Code extension.
Morning Overview on MSN
Hackers just hit @antv inside wave 4 of the TeamPCP worm — the same crew that walked off with 3,800 of GitHub’s internal repositories two weeks ago
Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...
A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results