GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories
GitHub confirmed on May 20, 2026 that a malicious VS Code extension on an employee device led to the exfiltration of roughly 3,800 internal repositories. The breach reveals less about one compromised endpoint than about the structural costs of platform centralization.