VS Code news

GitHub has disclosed a security breach where an attacker gained unauthorized access to its internal repositories. The compromise originated from a malicious third-party VS Code extension on an employee's device. While thousands of internal repos were exfiltrated, GitHub reports no evidence of impact on customer data.

GitHub has confirmed that a recent breach of 3,800 internal repositories was caused by a malicious VS Code extension. The extension was compromised in a wider supply-chain attack targeting the popular TanStack npm packages, highlighting the growing risks of software dependencies.