GitHub Breach — Poisoned VS Code Extension Exfiltrates 3,800 Internal Repos

AI relevance: GitHub is the backbone of AI model training data, agent tooling, and open-source security infrastructure; a breach of this scale directly impacts the supply chain of every organization that depends on code hosted there.

  • GitHub confirmed unauthorized access to its internal repositories on May 20, 2026, after detecting a compromised employee device infected through a poisoned Visual Studio Code extension.
  • GitHub's investigation found ~3,800 internal repositories were exfiltrated. The company called TeamPCP's claims of ~4,000 repos "directionally consistent" with internal findings.
  • The malicious extension was immediately removed from the VS Code Marketplace, the affected endpoint was isolated, and GitHub activated its incident response procedures.
  • TeamPCP (aka PCPcat/DeadCatx3) has claimed responsibility and is offering the stolen dataset for sale on underground forums, demanding offers exceeding $50,000.
  • GitHub rotated critical secrets and credentials overnight, prioritizing highest-impact credentials first. No confirmed impact on public or customer-hosted repositories at this stage.
  • This breach is linked to the broader TeamPCP campaign that has already compromised @antv npm packages, Microsoft durabletask on PyPI, LiteLLM, and dozens of other developer tooling targets in 2026.
  • The attack vector — a trojanized IDE extension — demonstrates how developer tooling supply-chain attacks can bypass traditional perimeter security and land directly inside high-value organizations.

Why it matters

GitHub's internal repositories likely contain proprietary tooling, security research, and potentially model training artifacts. Even though customer repos weren't confirmed impacted, the exfiltrated internal code could enable follow-on attacks against downstream consumers. The poisoned VS Code extension vector compounds the already-active Mini Shai-Hulud campaign, showing TeamPCP's preference for developer-targeted initial access across the entire AI and security ecosystem.

What to do

  • Audit the VS Code extensions you have installed from the Marketplace; remove any that are recently added or unfamiliar.
  • If you depend on GitHub's internal tooling or APIs, monitor for suspicious access patterns and rotate any shared tokens.
  • Review CI/CD pipeline secrets and rotate credentials that may have been accessible from compromised internal repositories.
  • Monitor GitHub's ongoing communications — the company has committed to publishing a fuller incident report once review completes.
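
One way to carry out the extension audit from the first item above, as an added example that is not from GitHub or the original article. It assumes the default per-user extension directory and a hypothetical allowlist of approved extension IDs, and it uses folder modification time as a heuristic for install or update date.

```python
import json
import time
from pathlib import Path

# Assumption: default per-user extension directory on Linux/macOS
# (on Windows it is %USERPROFILE%\.vscode\extensions).
DEFAULT_DIR = Path.home() / ".vscode" / "extensions"
# Activation events that make an extension's code run at every editor launch.
STARTUP_EVENTS = {"*", "onStartupFinished"}

def audit_extensions(ext_dir, allowlist, recent_days=30, now=None):
    """Return findings for extensions that are recent or not on the allowlist."""
    now = time.time() if now is None else now
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            pkg = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(pkg, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # A manifest that cannot be parsed is itself worth a manual look.
            findings.append({"id": manifest.parent.name,
                             "reasons": ["unreadable manifest"]})
            continue
        ext_id = f"{pkg.get('publisher', '?')}.{pkg.get('name', '?')}".lower()
        # Heuristic: the folder's mtime approximates install/update time.
        age_days = (now - manifest.parent.stat().st_mtime) / 86400
        reasons = []
        if ext_id not in allowlist:
            reasons.append("not on allowlist")
        if age_days <= recent_days:
            reasons.append(f"installed or updated {age_days:.0f} days ago")
        if reasons:
            events = set(pkg.get("activationEvents") or [])
            findings.append({"id": ext_id, "version": pkg.get("version"),
                             "runs_at_startup": bool(STARTUP_EVENTS & events),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    # Hypothetical allowlist; replace with your organisation's approved IDs.
    approved = {"ms-python.python"}
    for finding in audit_extensions(DEFAULT_DIR, approved):
        print(finding)
```

Each finding is a candidate for manual review or removal, not a verdict; an extension that is both unapproved and runs at startup deserves attention first.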
