GitHub says internal repositories were taken in poisoned VS Code extension attack | CyberScoop<\/title> <meta name=\"description\" content=\"GitHub confirms a breach affecting roughly 3,800 internal repositories after an employee device was compromised by a poisoned VS Code extension.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"GitHub says internal repositories were taken in poisoned VS Code extension attack\"> <meta property=\"og:description\" content=\"GitHub confirms a breach affecting roughly 3,800 internal repositories after an employee device was compromised by a poisoned VS Code extension.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-20T14:48:38+00:00\"> <meta property=\"article:modified_time\" content=\"2026-05-20T14:48:39+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1323\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1778775768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1778005960g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/89095\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=89095\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgithub-internal-repositories-vs-code-extension-attack%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgithub-internal-repositories-vs-code-extension-attack%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-89095 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \">\n<div class=\"single-article__header-content\" readability=\"31.03717472119\">  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/89095\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"441\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack.jpg?resize=640%2C441&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=300,207 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=768,529 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=1024,706 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=1536,1058 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=600,413 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=244,168 244w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=489,337 489w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=980,675 980w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-2.jpg?resize=1223,843 1223w\" sizes=\"(max-width: 980px) 100vw, 980px\"><figcaption> PARIS, FRANCE – JUNE 04: In this photo illustration the GitHub logo is seen on the screen of an iPhone in front of a computer screen showing a Microsoft logo on June 04, 2018 in Paris, France. (Photo Illustration by Chesnot\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"37.071378091873\"><body readability=\"75.683789008561\"><\/p>\n<p>GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools.<\/p>\n<p>The Microsoft-owned company said <a href=\"https:\/\/x.com\/github\/status\/2056949168208552080\">in posts on X<\/a> that it detected and contained the compromise, removed the malicious extension version, isolated the affected endpoint and began an <a href=\"https:\/\/cyberscoop.com\/tag\/incident-response\/\">incident response<\/a> investigation. The company\u2019s current assessment is that the activity involved GitHub-internal repositories only.<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/tag\/github\/\">GitHub<\/a> also said a claim from TeamPCP, a hacking group behind attacks targeting software development packages, that 3,800 repositories were impacted was \u201cdirectionally consistent\u201d with its investigation so far. It said critical secrets were rotated Tuesday, with the highest-impact credentials prioritized first. The company said it continued to analyze logs, validate secret rotation and monitor for follow-on activity.<\/p>\n<p>The company has not publicly named the extension involved or attributed the activity to a particular group. TeamPCP reportedly advertised the material for sale on a cybercrime forum and threatened to release it if no buyer emerged. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The episode also follows <a href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-malware-npm-packages-compromised-again\/\">a series of<\/a> <a href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-supply-chain-malware-attack\/\">supply chain attacks<\/a> involving npm, PyPI, <a href=\"https:\/\/cyberscoop.com\/tag\/docker\/\">Docker<\/a> and other <a href=\"https:\/\/cyberscoop.com\/tag\/supply-chain-attacks\/\">developer ecosystems<\/a>. In those incidents, attackers have often targeted maintainers, packages or credentials rather than attacking end users directly. The multiple attacks show how fragile development environments have become as threat actors increasingly target them. A single compromised developer account, package, extension or build process can create access to many downstream systems.<\/p>\n<p>GitHub has said it has no evidence that customer data stored outside the affected repositories was affected.<\/p>\n<p>Visual Studio Code extensions are widely used by developers to add functions to Microsoft\u2019s code editor, including support for programming languages, testing tools, cloud services and artificial intelligence assistants. Because these extensions often operate inside development environments, a malicious or compromised extension can be positioned close to source code, credentials and build systems.<\/p>\n<p>\u201cThe thing people underestimate about VS Code extensions is that they have full access to everything on the developer\u2019s machine,\u201d Charlie Eriksen, a security researcher at Aikido Security, told CyberScoop. \u201cEDR doesn\u2019t cover this layer at all. What\u2019s missing for most organisations is any kind of visibility into what\u2019s actually running on developer machines and the ability to control it.\u201d<\/p>\n<p>Trojanized extensions <a href=\"https:\/\/www.cyber.nj.gov\/Home\/Components\/News\/News\/1356\/214?npage=4\">have appeared in the VS Code Marketplace before.<\/a> Security researchers have identified malicious extensions posing as legitimate development tools, including packages used to steal credentials, mine cryptocurrency or exfiltrate data. Some have accumulated large installation counts before removal, reflecting the difficulty of policing open plugin ecosystems at scale.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>For GitHub, the breach comes amid broader scrutiny of the security of developer infrastructure. The platform sits at the center of software production for companies, governments, <a href=\"https:\/\/cyberscoop.com\/tag\/open-source\/\">open-source<\/a> maintainers and independent developers. Its internal systems and code are of obvious interest to attackers because GitHub\u2019s services support code hosting, package distribution, automation and identity workflows across much of the software industry.<\/p>\n<p>GitHub said it would publish a fuller report when the investigation is complete.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7126805778491\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitHub says internal repositories were taken in poisoned VS Code<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3548,6693,725,1156,625,3875,3288,1866,288,6694],"tags":[3561,6695,728,1168,630,3877,3290,1868,294,6696],"class_list":["post-8661","post","type-post","status-publish","format-standard","hentry","category-aikido-security","category-docker","category-github","category-incident-response","category-microsoft","category-npm","category-open-source-software","category-supply-chain-attacks","category-threats","category-visual-studio","tag-aikido-security","tag-docker","tag-github","tag-incident-response","tag-microsoft","tag-npm","tag-open-source-software","tag-supply-chain-attacks","tag-threats","tag-visual-studio"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/aikido-security\/\" rel=\"category tag\">Aikido Security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/docker\/\" rel=\"category tag\">Docker<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/github\/\" rel=\"category tag\">GitHub<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/incident-response\/\" rel=\"category tag\">incident response<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/npm\/\" rel=\"category tag\">npm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source-software\/\" rel=\"category tag\">open source software<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain-attacks\/\" rel=\"category tag\">supply chain attacks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/visual-studio\/\" rel=\"category tag\">Visual Studio<\/a>","tag_info":"Visual Studio","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8661"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8661\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8661,"date":"2026-05-20T09:48:38","date_gmt":"2026-05-20T14:48:38","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=89095"},"modified":"2026-05-20T09:48:38","modified_gmt":"2026-05-20T14:48:38","slug":"github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/20\/github-says-internal-repositories-were-taken-in-poisoned-vs-code-extension-attack\/","title":{"rendered":"GitHub says internal repositories were taken in poisoned VS Code extension attack"},"content":{"rendered":"