GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension
TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.
InfoWorld AI

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories.

News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst:

“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS [Visual Studio] Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub said.

“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.”

GitHub added: “We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.” Th
A poisoned VS Code extension breached GitHub’s internal repositories. Around 3,800 repos may be exposed as GitHub rotates secrets and investigates the attack. A single employee’s device. That was the way in. GitHub confirmed it detected and contained a compromise involving a poisoned VS Code extension installed on an internal device. The malicious extension version […] The post GitHub Got Hit Through a Poisoned VS Code Extension Nobody Saw Coming appeared first on Live Bitcoin News.
A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react, and Microsoft’s durabletask SDK. Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Million Weekly Downloads The Mini Shai-Hulud campaign, attributed to the threat group Team PCP, does not work the way most supply chain attacks do […]