GitHub says poisoned extension exposed 3,800 internal repositories
GitHub confirmed that attackers exfiltrated internal repositories after compromising an employee device through a poisoned Visual Studio Code extension, identified in security reports as a malicious version of the Nx Console extension. The Microsoft-owned company said the attacker’s claim of about 3,800 repositories was “directionally consistent” with its investigation, and reports tied the claim to TeamPCP. GitHub said it detected and contained the device compromise, removed the malicious ex...