A security breach involving around 3,800 internal code repositories was caused by hackers compromising an employee's device using a malicious Visual Studio Code extension. The breach has been linked to cybercrime group TeamPCP, and the stolen data includes GitHub source code and internal projects.
GitHub has confirmed a major security breach involving around 3,800 internal code repositories after hackers compromised an employee’s device using a malicious Visual Studio Code extension.
The attack has been linked to cybercrime group TeamPCP, which later claimed responsibility on dark web forums. According to the group, the stolen data includes GitHub source code and internal projects, which it is allegedly attempting to sell for at least US$50,000 . TeamPCP also claimed that the data would either be sold to a buyer or leaked publicly if no deal is reached. GitHub says the attackers gained access after an employee installed a poisoned VS Code extension.
Once the device was compromised, the hackers were able to steal credentials and access thousands of GitHub’s own internal repositories. The company noted that TeamPCP’s claim of around 3,800 repositories being affected is “directionally consistent” with its current findings. Importantly, GitHub stressed that the breach only involved its internal repositories and did not affect customer projects or public repositories hosted on the platform.
The stolen data reportedly includes parts of GitHub’s internal infrastructure, such as code related to GitHub Actions, Copilot projects, agentic workflow systems, and Rails controllers used for pull request management. While GitHub has not publicly identified the malicious extension involved, security researchers believe the breach is connected to a recent supply chain attack targeting the popular Nx Console extension for VS Code.
The extension, which reportedly has more than 2.2 million installs, was briefly compromised after attackers gained access to a developer token. That malicious update allegedly harvested sensitive credentials from developers, including GitHub access tokens, SSH keys, cloud credentials and API keys linked to services such as AWS and Claude Code. Those credentials were then reportedly used to compromise additional developer tools and services, allowing the attack to spread further.
Researchers have also linked TeamPCP to a self-propagating malware strain known as “Mini Shai-Hulud. ” The worm is designed to automate parts of the attack chain by creating new GitHub repositories to store stolen credentials, while also spreading compromised updates to other software packages and tools.
Following the discovery of the breach, GitHub says it immediately isolated the compromised employee device, removed the malicious extension from the VS Code Marketplace, and rotated critical secrets and credentials overnight to prevent further abuse. The company also says it has reviewed logs, monitored for additional suspicious activity, and launched a broader incident response investigation. GitHub plans to publish a more detailed report once the investigation is completed.
Github Security Breach Code Repositories VS Code Extension Teampcp Stolen Data Sold To A Buyer Leaked Publicly Internal Infrastructure Codespaces Github Actions Copilot Projects Agentic Workflow Systems Rails Controllers Pull Request Management Nx Console Extension Supply Chain Attack Developer Token
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Casemiro set for Inter Miami move after reaching personal terms with Major League SoccerReports indicate that Brazilian midfielder Casemiro has completed personal terms to join Inter Miami in Major League Soccer (MLS), but the transfer is still not finalized as LA Galaxy reportedly hold the player's MLS discovery rights. Additionally, the Miami lifestyle, featuring the opportunity to play alongside Argentine captain Lionel Messi, seems to be a significant factor in his decision to join Inter Miami. However, Inter Miami must negotiate with LA Galaxy to secure the player's transfer, potentially paying compensation and adjusting their structure to accommodate the new signing.
Read more »
Rugby-Montpellier lift Challenge Cup as routed Ulster's trophy drought goes onSony Group Corp's Bungie unit is planning a significant number of layoffs as it ends development on the long-running online shooter game Destiny 2, according to people familiar with the studio's plans.
Read more »
Sabah pharmacists now 800 strong on golden jubileeKota Kinabalu: There are now more than 800 pharmacists serving Sabah, reflecting the growth of the Sabah Pharmaceutical Society (SPS).
Read more »