GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
SiliconANGLE

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...
TechRadar

GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension

GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extension Threat actors TeamPCP are selling an archive of roughly 4,000 repos on the ...
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee installed a poisoned VS Code extension

GitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...
PC Magazine

Hackers Infiltrate GitHub by Compromising Employee Device

Microsoft-owned GitHub, a major platform for software developers, has suffered a breach traced to an employee device that was infected with malware. GitHub disclosed the breach on Tuesday and said it ...
TechCrunch

GitHub says hackers stole data from thousands of internal repositories

GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories. The code hosting and sharing giant said ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...

7 Best Software Development Project Management Tools in 2026

Discover the best software development project management tools, tested for agile teams, DevOps pipelines, and enterprise ...
The Hacker News

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

Oracle PeopleSoft zero-day CVE-2026-35273 was exploited before Oracle's June 10 advisory, exposing data and triggering ...