GitHub says internal repos exfiltrated after poisoned VS Code extension attack
ID: 3b2247de-0ee2-559b-9e88-96228251c363
STIX ID: report--3b2247de-0ee2-559b-9e88-96228251c363
Feed Name: The Register (Security)
GitHub reported a compromise caused by a poisoned Visual Studio Code extension that led to exfiltration of internal repositories (claimed ~3,800). The incident, potentially tied to TeamPCP and Shai-Hulud-related activity, prompted GitHub to analyze logs, rotate secrets, and monitor for follow-on activity; the main concerns are leakage of internal source code, embedded secrets, and broader supply-chain risks to developer tooling.
