Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...
TechRadar

Malicious AI-made extension with ransomware capabilities sneaks on to Microsoft's official VS Code marketplace - so devs beware

Malicious VS Code extension ‘susvsex’ acted as ransomware and used GitHub for command control Extension appeared AI-generated, with embedded decryption keys and suspicious metadata Microsoft removed ...
TechRadar

GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension

GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extension Threat actors TeamPCP are selling an archive of roughly 4,000 repos on the ...