Back to article

GitHub confirms breach of 3,800 repos via malicious VSCode extension (opens in new tab) 22 articles covering this post

bleepingcomputer.com··Hacker News, r/webdev·Open original

Covered in 22 articles

GitHub faces a fight for its survival at Microsoft

··Hacker News

Supply Chain Attacks + Stale Credentials: Why This Combination Is So Dangerous in 2026

The New AI Workflow Is a Supply Chain Problem

GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

venturebeat.com·

SpaceX financials 🚀, OpenAI IPO filing 💰, agent-friendly monorepo 🤖

Qwen 3.7 🚀, Railway’s GCP suspension 🚫, no more lock-in 🔓

GitHub says hackers stole data from thousands of internal repositories

techcrunch.com··r/programming

Self-Host Weekly (22 May 2026)

Daily News Stuff 22 May 2026

npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

Daily Hacker News for 2026-05-21

daemonology.net·

Devs, be careful what you plug in: GitHub security breach was apparently facilitated by a 'poisoned Visual Studio Code extension'

·

#169

GitHub says malicious VS Code extension compromised 3,800 internal repositories

metacurity.com·

IT Security Weekend Catch Up

GitHub may have fumbled one of the biggest first-mover advantages in history

sherwood.news·

VS Code Supply Chain Attack, Microsoft Exchange Zero-Day, and AI-Accelerated Vulnerability Discovery

bishopfox.com·

In other languages

Angriff auf GitHub: Daten aus 3800 internen Repositories abgegriffen

GitHub, 오염된 VS Code 확장 프로그램으로 인해 3,800개 저장소 침해 발생 발표

kite.kagi.com·

GitHub визнав масштабний витік даних: зламано понад 3 800 репозиторіїв

GitHub 被黑：员工装了一个 VS Code 插件后，3800 个内部仓库泄漏