GitHub said internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, and that it has since contained the incident, removed the malicious version, and rotated critical secrets. The case highlights how third-party developer tools can expose source code, credentials, and build systems; TeamPCP’s claims and the broader wave of attacks on software ecosystems underscore the risk.
Key points
- GitHub confirmed internal repositories were exfiltrated after a compromised employee device.
- The intrusion was linked to a poisoned Visual Studio Code extension.
- GitHub contained the incident, removed the malicious extension, and isolated the affected endpoint.
- Critical secrets were rotated, with the highest-impact credentials prioritized first.
- The attack highlights the risk posed by malicious extensions and supply chain threats in developer ecosystems.
Read More: https://cyberscoop.com/github-internal-repositories-vs-code-extension-attack/