GitHub
May 18, 2026
•[ poisoned extension, data breach, internal repositories ]
GitHub confirmed that attackers compromised an employee device through a poisoned Visual Studio Code extension and exfiltrated approximately 3,800 internal repositories. TeamPCP claimed responsibility and reportedly offered the stolen data for sale, while GitHub said customer repositories and external enterprise customer data were not impacted.
