DevSecOps

GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories

by
breached - A padlock rests on a computer keyboard.

GitHub confirmed on May 20, 2026 that a malicious VS Code extension on an employee device led to the exfiltration of roughly 3,800 internal repositories. The breach reveals less about one compromised endpoint than about the structural costs of platform centralization.

The CISA GitHub Leak: What Six Months of Exposed Credentials Tell Us About Systemic Security Failures

by
leak - A padlock rests on a computer keyboard.

A contractor for the U.S. Cybersecurity and Infrastructure Security Agency maintained a public GitHub repository containing AWS GovCloud credentials, plaintext passwords, and DevSecOps files for six months before researchers intervened.