GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension
ID: 5e850874-bf17-50e8-83eb-16a3c40d4ee1
STIX ID: report--5e850874-bf17-50e8-83eb-16a3c40d4ee1
Feed Name: HackRead
**GitHub confirmed a breach on 19 May 2026 after TeamPCP (UNC6780) used a poisoned Visual Studio Code extension to compromise a developer device and exfiltrate roughly 3,800 internal repositories. The group claims to be offering the data for sale, and researchers link the campaign to a self-replicating infostealer worm that steals CI/CD credentials and propagates via developer tooling.**
