GitHub confirms breach of 3,800 repos via malicious VSCode extension
ID: ceac8bcc-7814-56a4-8de2-0502b7d9960d
STIX ID: report--ceac8bcc-7814-56a4-8de2-0502b7d9960d
Feed Name: DataBreaches.Net
GitHub detected and contained a compromise of an employee device caused by a trojanized VS Code extension; the malicious extension has been removed and the affected endpoint isolated. The company assessed that the activity involved exfiltration of GitHub-internal repositories, and that the attacker's claim of roughly 3,800 repositories is directionally consistent with the investigation.
