{"id":153,"date":"2026-05-22T09:51:10","date_gmt":"2026-05-22T09:51:10","guid":{"rendered":"https:\/\/onionmail.org\/blog\/?p=153"},"modified":"2026-05-22T09:51:10","modified_gmt":"2026-05-22T09:51:10","slug":"github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories","status":"publish","type":"post","link":"https:\/\/onionmail.org\/blog\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\/","title":{"rendered":"GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories"},"content":{"rendered":"\r\n\r\nThere is an obvious irony in the fact that GitHub \u2014 the platform that hosts the code for much of the world&#8217;s software \u2014 was breached through a plugin for a code editor. Yet that is exactly what happened. On May 19, 2026, the Microsoft-owned company detected the compromise of an employee&#8217;s device, caused by a malicious Visual Studio Code extension. From that single endpoint, attackers exfiltrated roughly 3,800 internal repositories.\r\n\r\n\r\n\r\n\r\n\r\nThis is not the story of one careless employee. It is a demonstration, at a scale visible to everyone, of a structural problem: the security model of the modern developer workstation has not kept pace with the value of what it holds.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What Happened, and When<\/h2>\r\n\r\n\r\n\r\n\r\nGitHub confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension downloaded from the official marketplace. The company said it detected and contained the compromise, removed the malicious version of the extension from the marketplace, isolated the endpoint, and immediately began incident response. 
Critical secrets were rotated the same day and overnight, with the highest-impact credentials prioritized first.\r\n\r\n\r\n\r\n\r\n\r\nThe company&#8217;s assessment is that the activity involved exfiltration of GitHub-internal repositories only, and that the attacker&#8217;s claim of approximately 3,800 repositories is &#8220;directionally consistent&#8221; with the investigation so far. GitHub stated it has no evidence that customer data stored outside the affected repositories has been compromised, while stressing that the investigation is ongoing and that it may publish a more detailed report once analysis is complete.\r\n\r\n\r\n\r\n\r\n\r\nOne relevant detail: the disclosure happened mainly through a series of posts on X, and GitHub has not named the specific extension or the machine involved. For anyone tracking transparency in security communications, that is a point worth returning to.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Who Is Behind It: TeamPCP<\/h2>\r\n\r\n\r\n\r\n\r\nThe attack was claimed by the group <strong>TeamPCP<\/strong>, a financially motivated criminal cluster that the Google Threat Intelligence Group formally tracks as UNC6780. The group posted on the &#8220;Breached&#8221; cybercrime forum that it had gained access to nearly 4,000 private repositories, and is attempting to sell the stolen data starting at $50,000, advertising it as access to &#8220;GitHub&#8217;s source code and internal orgs.&#8221; According to reports, the group is not holding GitHub to ransom: it wants a single buyer, after which the data would be destroyed, with a threat to leak it for free if no buyer is found.\r\n\r\n\r\n\r\n\r\n\r\nThe GitHub breach did not arrive in isolation. It is the most visible episode in a much broader campaign. 
Between September 2025 and May 2026, TeamPCP carried out a series of coordinated supply chain attacks across the npm and PyPI package ecosystems, in a campaign the group itself calls <strong>Shai-Hulud<\/strong> \u2014 a reference to the sandworms in Frank Herbert&#8217;s <em>Dune<\/em>, with the campaign&#8217;s entire infrastructure peppered with nods to that universe&#8217;s lexicon.\r\n\r\n\r\n\r\n\r\n\r\nOn May 11, 2026, in what was dubbed the &#8220;Mini Shai-Hulud&#8221; wave, the group compromised over 170 npm and PyPI packages, hitting widely used ecosystems such as TanStack, Mistral AI, OpenSearch, UiPath, and Guardrails AI. The speed was striking: within a few hours TeamPCP published hundreds of malicious versions. The TanStack compromise was assigned the identifier CVE-2026-45321, with a CVSS score of 9.6 out of 10 \u2014 critical severity \u2014 affecting 42 packages across 84 versions in the TanStack ecosystem alone, which includes <code>@tanstack\/react-router<\/code>, one of the most widely used routing libraries in the React ecosystem, with roughly 12 million weekly downloads.\r\n\r\n\r\n\r\n\r\n\r\nWhat makes the campaign especially insidious is the mechanism. The worm self-propagates: it steals developer and cloud credentials, then uses those same credentials to publish poisoned versions of other packages. The malware activates during package installation, harvesting secrets from CI\/CD runners, cloud metadata endpoints, and local files \u2014 AWS IAM keys, GitHub Personal Access Tokens, HashiCorp Vault tokens, Kubernetes secrets \u2014 and exfiltrates the data through encrypted HTTP and writes to GitHub repositories. 
According to research, the campaign reached a troubling security first: it compromised packages carrying valid SLSA Build Level 3 provenance attestations, proving that even process-integrity controls can be defeated.\r\n\r\n\r\n\r\n\r\n\r\nThere is also an aggravating factor for the future: on the evening of May 12, 2026, the fully weaponized source code of the Mini Shai-Hulud worm was published to public GitHub repositories before being taken down. The toolchain \u2014 CI cache-poisoning scripts, OIDC token extractor, credential stealer with its propagation logic \u2014 is now publicly available, and has already spawned copycat activity, complicating future attribution to TeamPCP.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Why an IDE Extension Is So Dangerous<\/h2>\r\n\r\n\r\n\r\n\r\nThe technical point at the heart of this whole affair is simple and uncomfortable: a VS Code extension runs with the same privileges as the editor itself. Once installed, it has access to everything the developer can reach \u2014 the filesystem, credentials, cloud keys, SSH keys, environment variables, terminal sessions \u2014 with no meaningful verification before that code executes.\r\n\r\n\r\n\r\n\r\n\r\nThe comparison with other ecosystems is instructive. Browser extensions have sandboxing and capability-based permissions. Mobile applications must declare permissions and request explicit user consent. IDE extensions \u2014 which see source code, credentials, terminal sessions, and network access \u2014 have none of these boundaries. 
They are not treated as a security boundary, and that asymmetry is arguably the most underestimated risk in today&#8217;s developer toolchain.\r\n\r\n\r\n\r\n\r\n\r\nThe permissions model does not distinguish between &#8220;format my code&#8221; and &#8220;read my SSH keys and send them to a remote server.&#8221; To the extension, they are the same category of operation.\r\n\r\n\r\n\r\n\r\n\r\nThe GitHub case is not isolated on this front either. Recent history is dotted with similar episodes. Just one day before GitHub&#8217;s disclosure, the Nx Console extension \u2014 2.2 million installs, with verified publisher status \u2014 had been briefly compromised with a version that silently collected credentials the moment a developer opened any workspace. Security researchers have repeatedly documented vulnerabilities and malicious extensions with millions of installs combined. As an OX Security researcher put it in a line that stuck with several industry commentators, IDEs are the weakest link in an organization&#8217;s supply chain security.\r\n\r\n\r\n\r\n\r\n\r\nThe problem, as an Aikido Security analysis noted, is also one of visibility: most security teams have no idea which extensions or packages are installed on their developers&#8217; machines. You cannot protect what you cannot see.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">The Cost of Centralization<\/h2>\r\n\r\n\r\n\r\n\r\nPart of the reason this breach is making news is GitHub&#8217;s scale. The platform is used by over 4 million organizations \u2014 including 90% of the Fortune 100 \u2014 and more than 180 million developers who contribute to over 420 million repositories.\r\n\r\n\r\n\r\n\r\n\r\nThat concentration makes GitHub a target not only for those interested in GitHub&#8217;s own code, but for those who want to move laterally from the platform into its customers&#8217; systems. 
Internal repositories, like those exfiltrated, typically contain infrastructure configurations, deployment scripts, staging credentials, and internal API schemas \u2014 exactly the kind of material that serves as a springboard for follow-on attacks.\r\n\r\n\r\n\r\n\r\n\r\nIt should be said honestly: in this case the containment boundary held. GitHub states the activity was limited to internal repositories and that customer data does not appear to be compromised. The paradoxical lesson of an isolation-based security model is that it works until it doesn&#8217;t; but when containment fails in such a concentrated architecture, the failure tends to be systemic. That is the very nature of a platform where code hosting, CI\/CD secrets, issue tracking, access control, and package distribution converge in the same place: that convergence is what makes it convenient to use, and it is also what makes it a high-value target.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What Developers and Teams Can Do<\/h2>\r\n\r\n\r\n\r\n\r\nUnlike many threats, the practical countermeasures here exist and are well known. None is a silver bullet on its own, but together they meaningfully reduce the attack surface.\r\n\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n \t<li><strong>Treat IDE extensions as software dependencies, not harmless tools.<\/strong> Every developer who installs an unvetted extension is making a security decision for the entire organization. Verify the author&#8217;s credentials, the install count, the publisher&#8217;s track record, and treat with suspicion any extension requesting permissions disproportionate to its stated function.<\/li>\r\n \t<li><strong>Build visibility into what is installed.<\/strong> Security teams should know which extensions and packages run on developers&#8217; machines. 
EDR tools can monitor anomalous patterns on workstations: unexpected localhost listeners, modifications to <code>settings.json<\/code> by non-VS Code processes, outbound connections from editor-spawned child processes.<\/li>\r\n \t<li><strong>Stop keeping secrets in local files.<\/strong> A good share of the damage from these attacks comes from long-lived credentials sitting in plaintext on machines. Using a secrets manager (HashiCorp Vault, AWS Secrets Manager, 1Password CLI) with just-in-time access drastically limits what a compromised extension can steal at any given moment.<\/li>\r\n \t<li><strong>Extend supply chain monitoring to extensions as well.<\/strong> Tools that scan dependencies for known vulnerabilities should also cover IDEs, not just application packages.<\/li>\r\n \t<li><strong>Assume compromise and rotate fast.<\/strong> GitHub&#8217;s response speed \u2014 endpoint isolation and credential rotation within hours \u2014 is exactly the behavior that limits an attack&#8217;s blast radius. For the Mini Shai-Hulud campaign, researchers&#8217; recommendation is blunt: any system on which a compromised package was installed must be treated as fully compromised.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What Changes, and What Doesn&#8217;t<\/h2>\r\n\r\n\r\n\r\n\r\nGitHub will likely publish a fuller report. Organizations will rotate API keys. Security teams will add VS Code extension policies to their endpoint security checklists. All useful, none decisive.\r\n\r\n\r\n\r\n\r\n\r\nThe underlying dynamic remains: supply chain attacks work because trust is implicit and credentials are concentrated. Platforms are attractive because they reduce friction, and the price of that reduced friction is concentration of risk. 
Until IDE extensions are sandboxed with explicit permission grants, until repositories are treated as sensitive assets rather than mere collaboration surfaces, and until disclosure norms for breaches at platform-level vendors are tightened, the same playbook will keep working.\r\n\r\n\r\n\r\n\r\n\r\nFor developers, the operational takeaway is less dramatic but more concrete: the workstation is now a front-line target, not a footnote. It is where code, credentials, and access converge \u2014 and until the permissions model of the tools we use every day acknowledges that, caution about installing an extension matters as much as caution about a password.\r\n\r\n\r\n\r\n\r\n\r\n<hr class=\"wp-block-separator\" \/>\r\n\r\n\r\n\r\n\r\n\r\n<em>Based on public sources available as of May 22, 2026, including BleepingComputer, Tom&#8217;s Hardware, VentureBeat, Help Net Security, Infosecurity Magazine, Aikido Security, Tenable, Wiz, Unit 42 (Palo Alto Networks), and The Hacker News. GitHub&#8217;s investigation into the incident is ongoing at the time of writing; some details may be updated in the official report.<\/em>","protected":false},"excerpt":{"rendered":"<p>GitHub confirmed on May 20, 2026 that a malicious VS Code extension on an employee device led to the exfiltration of roughly 3,800 internal repositories. 
The breach reveals less about one compromised endpoint than about the structural costs of platform centralization.<\/p>\n","protected":false},"author":1,"featured_media":151,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[200,23,196,185,201,204,206,207,203,205,194,195,202],"class_list":["post-153","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-encryption","tag-credential-theft","tag-cybersecurity","tag-developer-security","tag-devsecops","tag-github-breach","tag-ide-security","tag-npm-security","tag-pypi","tag-shai-hulud","tag-software-supply-chain","tag-supply-chain-attack","tag-teampcp","tag-vs-code-extension"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories - Onion Mail \u2014 Privacy, Encryption &amp; Tor<\/title>\n<meta name=\"description\" content=\"A malicious VS Code extension let TeamPCP exfiltrate ~3,800 of GitHub&#039;s internal repos. What happened, why IDE extensions are so risky, and how to protect your team.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/onionmail.org\/blog\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories - Onion Mail \u2014 Privacy, Encryption &amp; Tor\" \/>\n<meta property=\"og:description\" content=\"A malicious VS Code extension let TeamPCP exfiltrate ~3,800 of GitHub&#039;s internal repos. 
What happened, why IDE extensions are so risky, and how to protect your team.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/onionmail.org\/blog\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\/\" \/>\n<meta property=\"og:site_name\" content=\"Onion Mail \u2014 Privacy, Encryption &amp; Tor\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-22T09:51:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/onionmail.org\/wp-content\/uploads\/2026\/05\/breached-20260522.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Onion Mail\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Onion Mail\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/\"},\"author\":{\"name\":\"Onion Mail\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#\\\/schema\\\/person\\\/165910c3149db6a9320ddae7d7a17cab\"},\"headline\":\"GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories\",\"datePublished\":\"2026-05-22T09:51:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/\"},\"wordCount\":1671,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/breached-20260522.jpg\",\"keywords\":[\"credential theft\",\"cybersecurity\",\"developer security\",\"DevSecOps\",\"GitHub breach\",\"IDE security\",\"npm security\",\"PyPI\",\"Shai-Hulud\",\"software supply chain\",\"supply chain attack\",\"TeamPCP\",\"VS Code 
extension\"],\"articleSection\":[\"Encryption\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/\",\"url\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/\",\"name\":\"GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories - Onion Mail \u2014 Privacy, Encryption &amp; Tor\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/breached-20260522.jpg\",\"datePublished\":\"2026-05-22T09:51:10+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#\\\/schema\\\/person\\\/165910c3149db6a9320ddae7d7a17cab\"},\"description\":\"A malicious VS Code extension let TeamPCP exfiltrate ~3,800 of GitHub's internal repos. 
What happened, why IDE extensions are so risky, and how to protect your team.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#primaryimage\",\"url\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/breached-20260522.jpg\",\"contentUrl\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/breached-20260522.jpg\",\"width\":1200,\"height\":800,\"caption\":\"breached - A padlock rests on a computer keyboard.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/github-breach-how-a-malicious-vs-code-extension-exposed-3800-internal-repositories\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitHub Breach: How a Malicious VS Code Extension Exposed 3,800 Internal Repositories\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/\",\"name\":\"Onion Mail \u2014 Privacy, Encryption & Tor\",\"description\":\"Anonymous email, PGP encryption and post-quantum security 
guides\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#\\\/schema\\\/person\\\/165910c3149db6a9320ddae7d7a17cab\",\"name\":\"Onion Mail\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in\",\"caption\":\"Onion Mail\"},\"sameAs\":[\"https:\\\/\\\/onionmail.org\"],\"url\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/author\\\/adminblogonion\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}