GitHub internal repositories breached via poisoned VS Code extension.

21.05.2026

GitHub confirmed that an employee device was compromised through a malicious third-party VS Code extension, leading to unauthorized access to internal repositories. The attacker’s claim of about 3,800 repositories is “directionally consistent” with GitHub’s investigation, while GitHub says it has no evidence that customer repositories outside its internal systems were affected. The incident is being linked by security media to the broader TeamPCP / TanStack supply-chain campaign targeting developer tools and package ecosystems. GitHub says it isolated the endpoint, removed the malicious extension version, rotated critical secrets, and is still analyzing logs.