GitHub breach exposes 3,800 internal repos

GitHub confirmed a significant security incident where a poisoned VS Code extension led to the exfiltration of approximately 3,800 internal repositories. The threat group TeamPCP claimed responsibility for the attack, which exploited a vulnerability in a VS Code extension installed on an employee's device. This breach highlights the growing risks associated with supply chain attacks and the exploitation of developer tools. The stolen repositories may contain sensitive infrastructure configurations and internal API schemas, posing a substantial risk to GitHub's internal security and operations.