Security researchers say 5,500 GitHub repositories have been affected by the attack.

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The ...

Sometime in early 2026, a software developer did what millions of programmers do every week: updated a dependency. The ...

Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee installed it. For several days, that extension ran quietly on the developer’s ...

GitHub's user base has swelled under Microsoft's ownership, but the software repository has fallen behind newer rivals in the ...

GitHub is battling outages, security issues, and a talent exodus. is a senior correspondent and author of Notepad, who has ...

A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

GitHub faces an internal repository breach this week after a poisoned VS Code extension on an employee device exposed roughly 3,800 internal repositories. Customer data stored outside those ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

An unauthorised group calling itself TeamPCP accessed GitHub's internal repositories, targeting VSCode extensions used by ...