Skip to content
topics.

GitHub confirms breach, 3,800 internal repos exfiltrated via malicious VS Code extension

techMay 21, 20262668

GitHub confirmed that a trojanized update to the Nx Console Visual Studio Code extension allowed attackers to exfiltrate roughly 3,800 internal repositories. One employee installed the poisoned extension, which harvested developer credentials and let attackers copy repository contents across GitHub's internal infrastructure. A group calling itself TeamPCP claimed responsibility and demanded a $50,000 ransom for the stolen code and data. The incident highlights how compromised developer tooling can become a supply-chain attack vector, forcing companies to tighten vetting of IDE extensions and secrets management.

abadidea
@0xabad1dea.infosec.exchange.ap.brid.gy

info on the github breach appears to only be available on xitter 🙄 , I fished it out for you. #github

post from github on May 20th, 2026: We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately. Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.
3520d ago
abadidea15

gonna gently push back that there's no reason (according to github's version of the story) to associate this with AI or with spectacular incompetence on the part of the employee; the issue is that industry standard, extremely widely used text editor Visual Studio Code has a big button that says […]

Ryan Finnie9

@0xabad1dea My favorite take so far: "holy shit, how did the attackers find a large enough uptime window to get in?"

tmaher2

@0xabad1dea thank you for the fishing

Hackmanac
@hackmanac.com

🚨Data Breach Alert Update ‼️ GitHub Confirms Internal Repository Breach via Malicious VS Code Extension GitHub confirmed unauthorized access to internal repositories after an employee device was compromised through a malicious VS Code extension.

420d ago
International Cyber Digest
@intcyberdigest.bsky.social

‼️🚨 BREAKING: GitHub has been compromised by TeamPCP. GitHub has confirmed the internal breach. A poisoned VS Code extension on an employee device exfiltrated ~3,800 internal repositories. TeamPCP is already selling the data on a cybercrime forum.

1120d ago
BleepingComputer
@bleepingcomputer.com

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.

819d ago
990000
@990000.bsky.social

Thanks VS Code extensions! Lmao I'm changing code editors. “GitHub confirms breach of 3,800 repos via malicious VSCode extension” cosocial.ca/@hub/1166075...

220d ago
Simon Carter
@bbbscarter.bsky.social

Sigh. “Anthropic’s new model automatically finds flaws in software that runs with restricted permissions behind a firewall. Doom!” vs “VSCode extensions are neither moderated nor sandboxed, and execute arbitrary code locally on 50 million installs. Meh!” www.bleepingcomputer.com/news/securit...

119d ago
Anadarko
@anadarkocapital.bsky.social

GitHub is in free-fall. 93% uptime and now we’re hearing about a breach cause they allowed some dev to install a VS Code extension on the devs browser

119d ago
Gadi Evron
@gadievron.bsky.social

If anyone needs the malicious NX Console VS Code extension (GitHub dev breach), as detected by Agent Mesh, ping me. Updated extension is clean: agentmesh.knostic.ai/extensions/1... It was live for 38 minutes: github.com/nrwl/nx-cons... Nx Devtools CEO on the incident: x.com/jeffbcross/s...

119d ago
OpsMatters
@opsmatters.com

The latest update for #Foresiet includes "#GitHub Internal Repositories Breached: Source Code and Internal Data Allegedly Exfiltrated in 2026 Supply Chain Attack". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz

119d ago
Techimo
@techimo.bsky.social

GitHub confirms hacker attack. ~3800 internal code repos compromised via a "poisoned" VS Code extension targeting employee devices. No evidence of customer data breach outside internal repos. Hackers use open-source projects to access dev machines.

120d ago
Blockchain Report
@blockchainreport.bsky.social

GitHub confirms security breach via poisoned VS Code extension, exfiltrating data from ~3,800 internal repos. Incident contained. Binance founder CZ advises users to immediately review/rotate API keys in code, regardless of privacy. #crypto #blockchain #news

120d ago
Cryptovka | News | CryptoMarket & Blockchain
@cryptovka-news.bsky.social

GitHub confirms security breach via malicious VS Code extension. Attackers accessed internal repos, exfiltrating data from ~3,800. Public services unaffected. 🚨 Security experts highlight supply-chain risks. Advised: Audit extensions & enable MFA. (Source: GitHub)

120d ago
Poster | Crypto News
@cryptonews-poster.bsky.social

GitHub confirms data breach via malicious VS Code extension. Employee device compromised, impacting internal repos. Attackers claim ~3800 repos affected. GitHub is rotating credentials & investigating. Anthropic's Mythos tools potentially used. #crypto #blockchain #news

120d ago
SagaLinked
@sagalinked.bsky.social

📰 GitHub has initiated an investigation into unauthorized access to their internal repositories, following reports of potential breaches. 🔗 https://twitter.com/github/status/2056884788179726685 #Tech #Dev

19d ago
Hacker & Security News
@hacker.at.thenote.app

A malicious VS code extension just breached GitHub ‘s internal repositories One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platfo… #hackernews #news

19d ago
3 sources
thehackernews.comGitHub Internal Repositories Breached via Malicious Nx Console VS Code Extensionsecurityaffairs.comA malicious VS code extension just breached GitHub ‘s internal repositoriesbleepingcomputer.comGitHub confirms breach of 3,800 repos via malicious VSCode extension

Related

U.S. to award $2 billion to quantum computing firms, take equity stakestechGitHub confirms breach, 3,800 internal repos exfiltrated via malicious VS Code extensiontechTesla Cybertruck 'Wade Mode' Test Ends With Arresttech