GitHub says internal repositories were impacted in poisoned VS Code extension attack
ID: b9f57e72-d49f-5393-8d1d-d646d6e0361f
STIX ID: report--b9f57e72-d49f-5393-8d1d-d646d6e0361f
Feed Name: CyberScoop
GitHub detected and contained a compromise in which a malicious Visual Studio Code extension, reportedly a trojanized version of Nx Console pushed using a compromised maintainer account, was used to exfiltrate internal GitHub repositories and potentially access secrets. TeamPCP has claimed responsibility and advertised the data for sale. GitHub removed the malicious extension, isolated the affected endpoint, rotated critical credentials and is continuing its investigation. The incident underscores the high risk of developer tool supply-chain attacks.
