{"id":252751,"date":"2026-05-20T14:09:00","date_gmt":"2026-05-20T18:09:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/github-says-internal-repositories-were-impacted-in-poisoned-vs-code-extension-attack\/"},"modified":"2026-05-22T15:40:21","modified_gmt":"2026-05-22T19:40:21","slug":"github-says-internal-repositories-were-impacted-in-poisoned-vs-code-extension-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/github-says-internal-repositories-were-impacted-in-poisoned-vs-code-extension-attack\/","title":{"rendered":"GitHub says internal repositories were impacted in poisoned VS Code extension attack"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/\">GitHub says internal repositories were impacted in poisoned VS Code extension attack<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/\">https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-20 14:09:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools.<\/p>\n<p>The Microsoft-owned company said in posts on X that it detected and contained the compromise, removed the malicious extension version, isolated the affected endpoint and began an incident response investigation. The company\u2019s current assessment is that the activity involved GitHub-internal repositories only.<\/p>\n<p>GitHub also said a claim from TeamPCP, a hacking group behind attacks targeting software development packages, that 3,800 repositories were impacted was \u201cdirectionally consistent\u201d with its investigation so far. It said critical secrets were rotated Tuesday, with the highest-impact credentials prioritized first. The company said it continued to analyze logs, validate secret rotation and monitor for follow-on activity.<\/p>\n<p>The company has not publicly named the extension involved or attributed the activity to a particular group. TeamPCP reportedly advertised the material for sale on a cybercrime forum and threatened to release it if no buyer emerged.\u00a0<\/p>\n<p>Information surfaced Wednesday that the incident may be related to a separate issue with Nx Console, a Visual Studio Code tool that helps engineering teams organize large codebases, coordinate build pipelines and run tests efficiently. According to a security advisory posted on GitHub, one of the Nx Console maintainers was compromised in a prior security incident that leaked their GitHub credentials. An attack then used those credentials to push a malicious version of the extension to the VS Code Marketplace. Those credentials have since been temporarily revoked.<\/p>\n<p>With millions of installs, Nx Console is a fixture of professional JavaScript development. It is exactly the kind of tool&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitHub says internal repositories were impacted in poisoned VS Code extension attack https:\/\/cyberscoop.com\/github-internal-repositories-vs-code-extension-attack\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":252752,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2024\/10\/GettyImages-967199964.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-252751","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252751"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=252751"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252751\/revisions"}],"predecessor-version":[{"id":252753,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252751\/revisions\/252753"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/252752"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=252751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=252751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=252751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}