BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

GitHub breach via poisoned VS Code extension

GitHub's internal repositories breached via malicious VS Code extension; data for sale

  • A breach of GitHub‘s internal repositories originated from an employee downloading a malicious extension from the official VS Code marketplace.
  • The Hacking group TeamPCP is selling the stolen private repositories on a hacking forum for at least $50,000.
  • Security experts are urging developers to immediately rotate any API keys or secrets that may have been stored in private repositories.
  • This incident follows a similar breach at Grafana, which was also linked to the Mini Shai Halud supply chain attack campaign.

In the early hours of Monday, Microsoft-owned code repository giant GitHub disclosed it was investigating unauthorized access to its internal data, according to reports. The company has since confirmed the breach stemmed from a staff member downloading a “poisoned” VS Code extension from the official marketplace. GitHub stated the breach only affected its internal repositories, and the attacker’s claim of roughly 3,800 compromised repos is “directionally consistent” with its investigation.

- Advertisement -

The hacking group TeamPCP is selling the data for no less than $50,000 on the *Breached* forum, stressing it is not a ransom. This group has been OpenAI-confirms-security-breach-in-tanstack-supply-chain-attack/” target=”_blank” rel=”noreferrer noopener”>linked to the Mini Shai Halud supply chain attack that previously impacted OpenAI. GitHub says it has removed the malicious extension, isolated the endpoint, and rotated critical secrets.

Consequently, security experts have issued urgent warnings. Former Binance CEO Changpeng Zhao advised users to check and change API keys stored in their code. Crypto security expert Taylor Monahan added, “Your biggest risk is not this. It’s your own devs getting hit by one of these wormy motherfucking supply chains and leaking all those secrets.”

Meanwhile, this is the second such incident in days. Software firm Grafana also Ransomware-incident/?camp=blog&mdm=social&src=tw” target=”_blank” rel=”noreferrer noopener”>claimed unauthorized access to its GitHub repositories earlier this week, linked to the same supply chain campaign. The company said attackers downloaded its codebase and issued a ransom demand. This pattern follows a 2024 incident where leaked Binance data on GitHub was deemed capable of causing “severe financial harm.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

CISA Flags Actively Exploited Microsoft SharePoint Flaw

The U.S. CISA has flagged a high-severity Microsoft SharePoint flaw, CVE-2026-45659, as actively exploited,...

2026 Stock Outlook Bullish on Strong Earnings, AI Boom

The S&P 500 is up over 7% through late June 2026, with the second-half...

Robinhood expands to Europe with leveraged futures

Robinhood is expanding its European derivatives, offering perpetual futures on traditional assets like commodities...

Unpatched Argo CD flaw risks full Kubernetes takeover

An unpatched flaw in Argo CD's repo-server component allows for unauthenticated remote code execution...

Fed to Hike Interest Rates This Year: Polymarket

Market odds now favor a Federal Reserve interest rate increase before year-end, despite no...

Must Read

8 Best Crypto Debit Cards For Spending Your Digital Tokens

What are | How we chose | Best crypto debit cards | Binance Card? | FAQ | Final WordsCrypto debit cards have transformed how...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading