GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension

GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extension ...
Compare the Cloud

GitHub VSCode extension breach exposes developer toolchain as a primary attack surface

An unauthorised group calling itself TeamPCP accessed GitHub's internal repositories, targeting VSCode extensions used by ...

GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious ...
Cybernews

GitHub confirms breach after hackers put stolen source code up for sale

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
GIGAZINE

It has been revealed that some VSCode extensions have a malicious function that encrypts files and demands ransom

Visual Studio Code (VSCode) allows you to use extensions to make development more convenient. It has been reported that an extension that distributes ransomware has been published on the Visual Studio ...
Bleeping Computer

'WhiteCobra' floods VSCode market with crypto-stealing extensions

A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ...
XDA Developers on MSN

I rebuilt my VS Code setup from scratch this year, and it's the fastest it's ever been

My VS Code was drowning in extensions ...
Infosecurity-magazine.com

New Attacks Exploit VSCode Extensions and npm Packages

A recent investigation by security researchers has revealed a troubling surge in malicious campaigns exploiting popular development tools, including VSCode extensions and npm packages. These campaigns ...
Neowin

Senior Microsoft exec admits mistakenly removing VSCode extensions used by "millions"

Earlier today, we covered the incident of Microsoft Defender flagging the Winring0 driver inside PC monitoring and fan control apps as malicious. Although at first glance it may seem like an obvious ...