> TritonInfoSec News
Home / May 21, 2026 / Story
0
#1 BleepingComputer general May 20, 2026 at 08:14 UTC

GitHub confirms breach of 3,800 repos via malicious VSCode extension

By Sergiu Gatlan

AI Summary

GitHub confirmed that approximately 3,800 internal repositories were breached after a GitHub employee installed a malicious VS Code extension (nrwl.angular-console). The attack was attributed to threat actor TeamPCP, who advertised stolen source code on a cybercrime forum. GitHub stated customer data was unaffected, but the incident exposes critical supply-chain risk in developer tooling ecosystems — specifically poisoned VS Code extensions targeting developer workstations.

Read full article → https://www.bleepingcomputer.com/news/security/git…

Relevance score: 92.0/100

# More from May 21

  1. 2
    Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks The Hacker News
  2. 3
    Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs The Record
  3. 4
    Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit The Hacker News
  4. 5
    CISA Exposes Secrets, Credentials in 'Private' Repo Dark Reading
  5. 6
    Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches CyberScoop
  6. 7
    7-Eleven confirms data breach claimed by the ShinyHunters gang BleepingComputer
  7. 8
    Grafana breach caused by missed token rotation after TanStack attack BleepingComputer
  8. 9
    Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack SecurityWeek
  9. 10
    Microsoft Self-Service Password Reset abused in Azure data theft attacks BleepingComputer