GitHub suffered a security breach caused by a malicious Visual Studio Code extension that led to the exfiltration of about 3,800 internal repositories, though customer data reportedly remains safe. The attacker group TeamPCP claimed to have access to the internal source code and offered it for sale, raising concerns about potential leakage of private repositories and credentials. GitHub is continuing its investigation and monitoring for further activity while promising a more detailed report once complete.
GitHub Says Internal Repos Exfiltrated After Poisoned VS Code Extension Attack

