NewsNovo
The VS Code Extension That Walked Into GitHub, and What It Says About Trust There is a familiar rhythm to incidents like the one GitHub disclosed this week.
A small group called TeamPCP appears on a dark-web forum offering roughly four thousand private internal repositories for fifty thousand dollars, with a threat to dump the data publicly if no buyer materialises.
GitHub confirms the intrusion within hours and traces the entry point not to some exotic zero-day in its own platform, but to a poisoned Visual Studio Code extension installed on an employee's machine.
The company says the compromise has been contained to internal repositories and that customer code is not affected. Then everyone moves on to the next news cycle.
Keep reading