GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
ID: a13a8f06-0789-502b-88ec-522c5de2df27
STIX ID: report--a13a8f06-0789-502b-88ec-522c5de2df27
Feed Name: Infosecurity Magazine (News)
GitHub confirmed a security incident on May 19 in which a poisoned Visual Studio Code extension on an employee device allowed a third party to access approximately 3,800 internal repositories; TeamPCP has claimed the intrusion. GitHub removed the malicious extension, isolated the endpoint, and rotated high-impact credentials while investigating. The report places the incident in the context of TeamPCP's wider supply-chain campaigns (compromises of Trivy and KICS, backdoored PyPI releases), the group's distribution of credential-stealing malware, and its reported ties to extortion and ransomware groups.
