Hosted on MSN

Hackers just walked off with 3,800 of GitHub’s internal code repositories — smuggled out by a single poisoned plugin a GitHub developer trusted

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin in Microsoft’s marketplace. It wasn’t. That single installation gave ...
Guru3D.com

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security risks surrounding modern development environments. According to published ...
GIGAZINE

GitHub's internal information was leaked, resulting in unauthorized access to approximately 3,800 repositories via a Visual Studio Code extension.

On May 20, 2026, GitHub announced that employee devices had been compromised by a 'VS Code extension containing malicious code,' resulting in data from internal GitHub repositories being transmitted ...
TechSpot

Hackers breach GitHub and access 3,800 internal repositories now listed for sale

What we know so far: Hackers have reportedly used a malicious Visual Studio Code extension to gain access to a GitHub developer's machine, then leveraged the stolen credentials to move into GitHub's ...

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.
InfoWorld

Using Visual Studio Code’s ‘air-gapped’ AI model mode

Visual Studio Code 1.122 introduced a new feature, “ Use BYOK [Bring Your Own Key] without a GitHub sign-in ,” that allows ...