Threat Brief and Data Analysis: GitHub Internal Repository Compromise
ID: 030dc8b8-0e9b-5cd8-8199-9ecda57478e6
STIX ID: report--030dc8b8-0e9b-5cd8-8199-9ecda57478e6
Feed Name: BeGoodToAll
**Executive summary:** GitHub confirmed an internal repository compromise via a poisoned VS Code extension that resulted in exfiltration of roughly 3,874 internal repositories; the actor 'TeamPCP' is attempting to sell the dataset. The leaked list includes 343 high-priority repositories related to security, identity, CI/CD, and infrastructure, creating substantial supply-chain, secret-exposure, and operational risk; recommended actions include scoping the malicious extension, validating the repository inventory, rotating credentials, auditing CI/CD trust paths, and hunting for follow-on activity.
