TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
ID: bd3eaf7d-82ee-511e-b1d0-bd417e8ebc08
STIX ID: report--bd3eaf7d-82ee-511e-b1d0-bd417e8ebc08
Feed Name: Help Net Security
Following claims by TeamPCP (UNC6780) that they breached GitHub’s private repositories, GitHub confirmed that internal repositories were exfiltrated after a poisoned Visual Studio Code extension was installed. The company removed the malicious extension, isolated the endpoint, rotated critical secrets and is continuing its investigation. TeamPCP, known for supply-chain attacks and an automated worm called Mini Shai-Hulud that steals CI/CD credentials and propagates to publish infected packages, is reportedly attempting to sell the stolen repository data and will leak it if no buyer appears.
