GitHub breach: The development ecosystem is in the hot seat

ID: ccdb582e-11f3-55f3-9db1-9e2a21a870cb

STIX ID: report--ccdb582e-11f3-55f3-9db1-9e2a21a870cb

Feed Name: ReversingLabs Blog

Threat Score: 85/100

Date Published: 2026-05-22

Date Updated: 2026-05-22

Author: John P. Mello Jr.

GitHub is investigating unauthorized access to internal repositories traced to a malicious VS Code extension that compromised an employee endpoint; the cybercriminal group TeamPCP claims to have accessed internal source code and ~4,000 private repositories and is attempting to sell the data. The report frames this as a high-risk software supply-chain compromise, warns that developer toolchains are high-value targets, and recommends immediate credential hygiene, extension audits, least-privilege controls, and zero-trust measures.