GitHub confirms 3,800 internal repositories breached via poisoned VS Code extension

May 23, 2026 | By Insights AI

Attack Overview

GitHub publicly confirmed on May 20, 2026 that its internal source-code repositories were breached after an employee installed a poisoned Visual Studio Code extension. Threat group TeamPCP—tracked by Google Threat Intelligence as UNC6780—has claimed responsibility for the incident.

The Trojanized Extension

The malicious extension impersonated Nx Console (nrwl.angular-console) v18.95.0. It was published to the VS Code Marketplace on May 18, 2026 and removed within approximately 11 minutes. Despite that narrow window, the credential-stealing payload was distributed to machines that synced extensions during that period. The payload was capable of harvesting credentials from 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and Amazon Web Services (AWS).

Scope of the Breach

GitHub stated that “the activity involved exfiltration of GitHub-internal repositories only” and that the attacker’s claim of approximately 3,800 repositories is “directionally consistent” with its investigation so far. External public repositories and customer data are not believed to be involved. TeamPCP is reportedly seeking at least USD $50,000 on underground forums for the stolen material.

TeamPCP’s Track Record

TeamPCP specializes in supply chain attacks targeting open-source security utilities and AI middleware. The group has previously compromised Aqua’s Trivy security scanner, Checkmarx’s KICS, the LiteLLM library, the Telnyx SDK, TanStack, MistralAI, and other packages.

What Developers Should Do

This incident highlights ongoing weaknesses in VS Code Marketplace vetting. Security professionals recommend verifying publisher identity, review count, and publication date before installing any extension, and immediately rotating API keys and tokens if a suspicious extension was recently installed.
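
To check a workstation against the details reported above, the following added example (not code from GitHub, BleepingComputer, or The Hacker News) walks the local VS Code extensions directory and flags the extension ID and version named in this article, plus anything installed or updated on or after the reported publication date. The function name `audit_extensions`, the default `~/.vscode/extensions` path, and the use of the manifest's modification time as an install-time estimate are assumptions of this example.

```python
import json
import sys
from datetime import datetime, timezone
from pathlib import Path

# Identifier and version exactly as named in the article.
FLAGGED_ID = "nrwl.angular-console"
FLAGGED_VERSION = "18.95.0"
# Publication date from the article; it gives no time of day.
PUBLISHED = datetime(2026, 5, 18, tzinfo=timezone.utc)


def audit_extensions(ext_dir, since=PUBLISHED):
    """Return one finding per installed extension that needs a closer look."""
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(meta, dict):
                raise ValueError("manifest is not a JSON object")
            mtime = manifest.stat().st_mtime
        except (OSError, ValueError):
            findings.append({"path": str(manifest.parent),
                             "reason": "unreadable manifest"})
            continue
        # Extension IDs are publisher.name and compared case-insensitively.
        ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}".lower()
        version = str(meta.get("version", "?"))
        # Assumption: manifest mtime approximates the install or update time.
        installed = datetime.fromtimestamp(mtime, tz=timezone.utc)
        if ext_id == FLAGGED_ID and version == FLAGGED_VERSION:
            reason = "matches reported trojanized version"
        elif installed >= since:
            reason = "installed or updated on/after publication date"
        else:
            continue
        findings.append({"id": ext_id, "version": version, "path": str(manifest.parent),
                         "installed": installed.isoformat(), "reason": reason})
    return findings


if __name__ == "__main__":
    # Assumed default location for VS Code desktop; pass another directory as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".vscode" / "extensions"
    for finding in audit_extensions(root):
        print(finding)
```

A match on the flagged ID and version is grounds for the credential rotation recommended above; the date-based findings are only a review list, since the manifest timestamp can change for unrelated reasons.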

Source: BleepingComputer, The Hacker News
