GitHub says internal repositories were taken in poisoned VS Code extension attack

Wednesday, May 20, 2026 at 02:48 PM UTC·Source: CyberScoop

Updated: Wednesday, May 20, 2026 at 03:00 PM UTC

Executive Summary

GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the […] The

Analysis

Source Attribution

Originally published by CyberScoop on May 20, 2026.

Related Threats

MEDIUMSupply Chain

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20)

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20) appeared first on Unit 42 .

2h agoUnit 42 (Palo Alto)

LOWSupply Chain

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst: “Yesterday we detected and contained a compr

6h agoCSO Online

MEDIUMSupply Chain

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date

7h agoInfosecurity Magazine