GitHub: VS Code extension attack — data exfiltrated from ~3,800 internal repositories

Colleagues, please note: GitHub has confirmed a security breach.
GitHub stated that threat actors exfiltrated data from approximately 3,800 internal repositories. The company detected the compromise via an employee device and a trojanized VS Code extension. GitHub reports no evidence of impact to customer data outside internal repositories; the investigation is ongoing. The group TeamPCP has claimed responsibility and is reportedly offering the stolen data for sale.
Why this matters: attacks on extensions and open-source software threaten software supply chains and development environments.
What mitigation measures do you consider priorities to protect the development environment?
#cybersecurity #development #DevSecOps #OSS


Latest comments
No comments yet.