GitHub confirmed that approximately 3,800 internal repositories were exposed after an employee's device was compromised via a malicious Visual Studio Code extension. The hacking group TeamPCP claimed responsibility on the Breached cybercrime forum, alleging possession of source code and private repositories and demanding at least $50,000. GitHub has removed the extension, isolated the endpoint, rotated credentials, and is investigating. The incident highlights the growing threat of malicious IDE extensions and supply chain attacks targeting developer tooling, with TeamPCP also linked to campaigns involving GitHub Actions, npm, Docker, and PyPI ecosystems.

3m read time. From devops.com