GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension

GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extension ...
Dark Reading

CISA Exposes Secrets, Credentials in 'Private' Repo

CISA," the repo was publicly accessible online since Nov. 13, 2025. In a blog post, Valadon said he first discovered the ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

GitHub Investigates Major Hack Claim as TeamPCP Offers 4,000 Private Code Repositories for Sale

GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) ...
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
SecurityWeek

GitHub Confirms Hack Impacting 3,800 Internal Repositories

GitHub has confirmed that roughly 3,800 internal repositories were hacked after an employee installed an infected VS Code ...
CSO Online

Contractor’s public GitHub account exposed GovCloud and CISA credentials

This kind of exposure happens with alarming frequency,’ said an expert; here’s what CSOs and CIOs should do to protect ...
Bleeping Computer

GitHub rolls out free secret scanning for all public repositories

GitHub is rolling out support for the free scanning of exposed secrets (such as credentials and auth tokens) to all public repositories on its code hosting platform. Secret scanning is a security ...
VentureBeat

GitHub’s secret scanning for private repositories enters general availability

GitHub has announced that its enterprise-focused secret scanning tool for private repositories is now generally available. The Microsoft-owned code-hosting platform first debuted secret scanning for ...
Bleeping Computer

GitHub’s secret scanning alerts now available for all public repos

GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.