Wednesday, May 20, 2026

in-security: GitHub VS Code Extension hacked

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos @Hacker News

Here is a highly condensed breakdown of the GitHub breach:

  • The Incident: Threat actor TeamPCP listed GitHub's internal source code for sale on a cybercrime forum for $50,000, claiming to have stolen roughly 4,000 repositories.

  • The Cause: A single employee's device was compromised via a poisoned Microsoft Visual Studio Code extension.

  • The Impact: GitHub confirmed the exfiltration of ~3,800 internal repositories but stated there is no evidence of impact to customer data or external infrastructure.

  • The Worm Campaign: The breach is linked to TeamPCP's broader "Mini Shai-Hulud" malware campaign. The group used stolen GitHub secrets to hijack Microsoft's official Python package durabletask on PyPI, turning it into a Linux infostealer that automatically propagates across AWS and Kubernetes environments.

I'm getting tired... - YouTube by MaxS
GitHub hacked