GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
ID: d4057942-7173-5e40-a59e-c298e1043713
STIX ID: report--d4057942-7173-5e40-a59e-c298e1043713
Feed Name: The Hacker News
TeamPCP compromised a GitHub employee device via a malicious VS Code extension, exfiltrating roughly 3,800 internal repositories that are now being offered for sale, and at the same time pushed malicious versions of the durabletask PyPI package that drop a Linux-focused infostealer. The malware harvests cloud and developer credentials, propagates across AWS and Kubernetes by reusing the stolen tokens with SSM and kubectl, uses a mechanism called FIRESCALE to recover backup C2 domains from GitHub commit messages, and poses broad supply-chain and credential-theft risks to developer environments and cloud infrastructure.
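The propagation step described above (stolen AWS tokens driving ssm:SendCommand, then kubectl against EKS) leaves a recognisable shape in CloudTrail: one principal fanning out to many instances in a short window, followed by the EKS control-plane calls needed to build a kubeconfig. The hunt below is an added example written for this page, not code from the article, from TeamPCP's malware, or from GitHub; the CloudTrail field names (eventSource, eventName, userIdentity.arn, requestParameters.instanceIds, eventTime) are the public record format, while the sample records, the account number, the role names, the allowlist and the fan-out thresholds are all constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed CloudTrail-style records for illustration only; not logs from the incident.
# ci-deploy fans RunShellScript out to four instances in nine seconds and then touches EKS;
# patch-manager is a scheduled, allowlisted job doing legitimate bulk work.
SAMPLE_LOG = r"""
{"eventTime":"2026-04-01T10:00:00Z","eventSource":"ssm.amazonaws.com","eventName":"SendCommand","userIdentity":{"arn":"arn:aws:iam::111122223333:role/ci-deploy"},"sourceIPAddress":"203.0.113.10","requestParameters":{"instanceIds":["i-0a1"],"documentName":"AWS-RunShellScript"}}
{"eventTime":"2026-04-01T10:00:05Z","eventSource":"ssm.amazonaws.com","eventName":"SendCommand","userIdentity":{"arn":"arn:aws:iam::111122223333:role/ci-deploy"},"sourceIPAddress":"203.0.113.10","requestParameters":{"instanceIds":["i-0a2","i-0a3"],"documentName":"AWS-RunShellScript"}}
{"eventTime":"2026-04-01T10:00:09Z","eventSource":"ssm.amazonaws.com","eventName":"SendCommand","userIdentity":{"arn":"arn:aws:iam::111122223333:role/ci-deploy"},"sourceIPAddress":"203.0.113.10","requestParameters":{"instanceIds":["i-0a4"],"documentName":"AWS-RunShellScript"}}
{"eventTime":"2026-04-01T11:30:00Z","eventSource":"ssm.amazonaws.com","eventName":"SendCommand","userIdentity":{"arn":"arn:aws:iam::111122223333:role/patch-manager"},"sourceIPAddress":"ssm.amazonaws.com","requestParameters":{"instanceIds":["i-0b1","i-0b2","i-0b3","i-0b4"],"documentName":"AWS-RunPatchBaseline"}}
{"eventTime":"2026-04-01T12:00:00Z","eventSource":"eks.amazonaws.com","eventName":"DescribeCluster","userIdentity":{"arn":"arn:aws:iam::111122223333:role/ci-deploy"},"sourceIPAddress":"203.0.113.10","requestParameters":{"name":"prod"}}
"""


def parse_trail(text):
    """Parse newline-delimited CloudTrail JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ts(ev):
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_ssm_fanout(events, allowed_arns=(), window_seconds=300, min_targets=3):
    """Return {principal_arn: sorted instance ids} for principals not on the allowlist
    that reach >= min_targets distinct instances via ssm:SendCommand inside any
    window_seconds span. Thresholds are hypothetical; tune them to your fleet."""
    per_arn = defaultdict(list)
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com" or ev.get("eventName") != "SendCommand":
            continue
        arn = ev.get("userIdentity", {}).get("arn", "")
        if arn in allowed_arns:
            continue
        for iid in ev.get("requestParameters", {}).get("instanceIds", []):
            per_arn[arn].append((_ts(ev), iid))
    flagged = {}
    for arn, hits in per_arn.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            window = {iid for t, iid in hits[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(window) >= min_targets:
                flagged[arn] = sorted({iid for _, iid in hits})
                break
    return flagged


def find_cloud_to_k8s_pivot(events, ssm_flagged):
    """Principals already flagged for SSM fan-out that also call the EKS APIs a
    client needs before kubectl can talk to the cluster (DescribeCluster/ListClusters)."""
    eks_calls = {"DescribeCluster", "ListClusters"}
    pivots = set()
    for ev in events:
        if ev.get("eventSource") == "eks.amazonaws.com" and ev.get("eventName") in eks_calls:
            arn = ev.get("userIdentity", {}).get("arn", "")
            if arn in ssm_flagged:
                pivots.add(arn)
    return sorted(pivots)


def hunt(text, allowed_arns=("arn:aws:iam::111122223333:role/patch-manager",)):
    """Run both checks over a CloudTrail export; the default allowlist is a constructed example."""
    events = parse_trail(text)
    fanout = find_ssm_fanout(events, allowed_arns)
    return {"ssm_fanout": fanout, "eks_pivot": find_cloud_to_k8s_pivot(events, fanout)}


if __name__ == "__main__":
    print(json.dumps(hunt(SAMPLE_LOG), indent=2))
```

The allowlist is what keeps this usable: patch managers and fleet-wide config tooling legitimately fan out, so without it the check is pure noise. The EKS pivot correlation is the higher-signal alert, since a CI or developer role that runs shell scripts across instances and then enumerates clusters in the same session matches the cross-plane movement the summary describes rather than any normal deploy job.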
