GitHub confirms breach — thousands of internal repositories hit after employee installs ...

An archive of roughly 4,000 repositories is reportedly being offered for sale on the dark web, by threat actors known as ...
Compare the Cloud

GitHub VSCode extension breach exposes developer toolchain as a primary attack surface

An unauthorised group calling itself TeamPCP accessed GitHub's internal repositories, targeting VSCode extensions used by millions of developers daily. The incident is the latest in a pattern of ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
Windows Report

GitHub Confirms Breach After Malicious VS Code Extension Exposed 3,800 Repositories

GitHub confirmed a breach affecting about 3,800 internal repositories after an employee installed a malicious VS Code ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
GIGAZINE

VSCodeの一部拡張機能にファイルを暗号化して身代金を要求する悪意 ...

コードエディターのVisual Studio Code (VSCode)には、拡張機能を利用して開発をより便利にすることが可能です。そんなVSCode向け拡張機能のウェブストア「Visual Studio Code Marketplace」において、ランサムウェアを配布する拡張機能が公開されていたことが報告されました。
Morocco World News

GitHub Breach Linked to TeamPCP Supply Chain Attack Spree

Casablanca — GitHub said Tuesday night that hackers breached the open source code platform through a malicious extension for VSCode, the Microsoft-owned code editor used by many developers. The group ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.