Signal
GitHub confirms breach of 3,800 internal repositories via malicious VS Code extension
Published 2026-05-20 04:01 UTC · Updated 2026-05-20 15:47 UTC
cve · breach · threat_actor · security_policy · incident_response
Overview
GitHub has confirmed a significant security breach involving the exfiltration of approximately 3,800 internal repositories. The incident occurred after an employee installed a poisoned Visual Studio Code extension, which was exploited by the threat group TeamPCP.
Entities
GitHub · Microsoft · Visual Studio Code · TeamPCP
- Score total: 2.11
- Momentum 24h: 10
- Posts: 10
- Origins: 9
- Source types: 1
- Duplicate ratio: 0%
Why now
- Attack recently discovered and publicly confirmed by GitHub.
- Threat group TeamPCP actively advertising stolen code.
- Ongoing investigation and monitoring for further malicious activity.
Why it matters
- Highlights risks of supply chain attacks via developer tools.
- Exposes vulnerabilities in internal code repositories of major platforms.
- Demonstrates importance of rapid incident response and credential rotation.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
- TeamPCP breached GitHub's internal repositories via a malicious VS Code extension, accessing approximately 3,800 repositories.
How sources frame it
- GitHub: neutral
All evidence
GitHub admits major source code leak after 3,800 internal repositories breached
CSO Online · csoonline.com · 2026-05-20 15:47 UTC
GitHub says internal repositories were taken in poisoned VS Code extension attack
CyberScoop · cyberscoop.com · 2026-05-20 14:48 UTC
GitHub confirms being hacked by TeamPCP, says customer data unaffected
The Record (Recorded Future News) · therecord.media · 2026-05-20 12:21 UTC
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-20 10:45 UTC
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Help Net Security · helpnetsecurity.com · 2026-05-20 10:41 UTC
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
The Register Security · theregister.com · 2026-05-20 10:27 UTC
Top publishers (this list)
- CSO Online (1)
- CyberScoop (1)
- The Record (Recorded Future News) (1)
- Infosecurity Magazine (1)
- Help Net Security (1)
- The Register Security (1)
Top origin domains (this list)
- csoonline.com (1)
- cyberscoop.com (1)
- therecord.media (1)
- infosecurity-magazine.com (1)
- helpnetsecurity.com (1)
- theregister.com (1)