GitHub Confirms TeamPCP Breach of 3,800 Internal Repositories After Employee Installed Poisoned VS Code Extension

GitHub has confirmed that approximately 3,800 internal repositories were compromised after a TeamPCP supply chain attack that began with a single employee installing a poisoned Visual Studio Code extension. The breach was announced on Tuesday after TeamPCP posted claims on an underground forum offering GitHub's stolen source code and internal organization data to buyers for a minimum of $50,000.

GitHub launched an investigation shortly after the forum post appeared and confirmed the attackers' claims roughly five hours later, stating that the figure of approximately 3,800 repositories was "directionally consistent" with its own findings. The platform immediately began rotating critical secrets, prioritizing the highest-impact credentials first.

The attack vector is now familiar: a compromised VS Code extension on a single developer workstation. VS Code extensions are not sandboxed; they run in the extension host with the full privileges of the logged-in user, so a malicious one can read anything that user can read (credentials, SSH keys, cloud keys, git tokens, and every other secret present in the environment) and can open network connections to send it out. One poisoned extension on one employee's machine was therefore sufficient to breach thousands of internal repositories at the company that hosts the world's largest collection of source code.

GitHub did not identify which extension was involved or detail what data the compromised employee device contained beyond the repository access. The company said it continues to analyze logs, validate secret rotation, and monitor for follow-on activity, with a full incident report promised at a later date.

TeamPCP has been on an extraordinary run of supply chain compromises in 2026. The group has now hit Trivy (covered in ZDW article #175), Checkmarx, Bitwarden CLI, TanStack (linked to the Grafana breach we covered in article #206), and now GitHub itself — all through developer tooling. The escalation from targeting open source security tools to breaching the platform that hosts them represents a significant step up in both ambition and impact.

The breach also connects directly to the Nx Console compromise ZDW reported yesterday (article #207), which demonstrated the same fundamental attack pattern: a malicious VS Code extension providing the initial foothold into developer infrastructure. Whether TeamPCP was behind that specific incident remains unconfirmed, but the operational playbook is identical.

As Aikido Security researcher Mackenzie Jackson noted, most security teams still have zero visibility into what extensions or packages are installed on developer workstations, how recently they were published, or whether they've been modified. That blind spot is the door these attacks keep walking through.

Significance:

This breach forces an uncomfortable question: if GitHub, the company responsible for securing the world's code hosting infrastructure, can be breached through a poisoned VS Code extension on a single employee machine, what does that say about the state of developer workstation security across the rest of the industry? The attack surface that mattered here was not servers, firewalls, or cloud configurations. It was an unmonitored, unmanaged developer laptop running a marketplace extension that auto-updates, holding credentials that reach far beyond that one machine. Organizations need to treat developer workstations as tier-one attack surfaces: inventory what is installed in developer IDEs, enforce extension allowlisting (VS Code supports this natively through the extensions.allowed setting, which can be enforced through device-management policy rather than left to each user), review extension updates rather than letting them auto-apply, and scope the credentials that live on those machines so that one compromised laptop cannot reach thousands of repositories.
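One way to get the visibility and allowlisting described above, as an added example written for this article and not code from GitHub, VS Code, or Zero Day Wire: a Python script that parses the output of the real VS Code CLI command `code --list-extensions --show-versions`, checks each installed extension against a pinned allowlist, and renders that allowlist as a VS Code `extensions.allowed` setting that can be pushed to workstations. The allowlist, the sample listing, and the extension names and versions in it are constructed for the example; the exact value shape accepted by `extensions.allowed` is stated as an assumption in the code and should be checked against the VS Code documentation for the version you deploy.

```python
"""Inventory installed VS Code extensions and check them against an allowlist.

Added example for this article; not code from GitHub, VS Code or Zero Day Wire.
It consumes the output of the real VS Code CLI command
`code --list-extensions --show-versions`, one `publisher.name@version` per line.
The allowlist format, the sample listing and the extension names in it are
constructed for this example.
"""
import json
import sys
from dataclasses import dataclass

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_LISTING = """\
ms-python.python@2024.22.2
GitHub.copilot@1.250.0
dbaeumer.vscode-eslint@3.0.10
acme.build-helper@2.4.0
someone.random-helper@0.0.3
"""

# Hypothetical allowlist: extension id -> "*" (any version) or a set of
# pinned versions. Keys are lower-case; Marketplace IDs are case-insensitive.
ALLOWLIST = {
    "ms-python.python": "*",
    "github.copilot": "*",
    "dbaeumer.vscode-eslint": {"3.0.10"},
    "acme.build-helper": {"2.3.1"},  # reviewed version; 2.4.0 not yet approved
}


@dataclass(frozen=True)
class Finding:
    extension: str
    version: str
    reason: str  # "not-allowlisted" or "version-not-pinned"


def parse_listing(text: str) -> dict[str, str]:
    """Parse `publisher.name@version` lines into {lower-case id: version}.

    A line without `@` (listing produced without --show-versions) is kept
    with an empty version so it still shows up in the allowlist check.
    """
    installed: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ext_id, sep, version = line.rpartition("@")
        if not sep:
            ext_id, version = line, ""
        installed[ext_id.lower()] = version
    return installed


def check(installed: dict[str, str], allowlist: dict) -> list[Finding]:
    """Flag extensions that are not allowlisted or not at a pinned version."""
    findings: list[Finding] = []
    for ext_id, version in sorted(installed.items()):
        policy = allowlist.get(ext_id)
        if policy is None:
            findings.append(Finding(ext_id, version, "not-allowlisted"))
        elif policy != "*" and version not in policy:
            findings.append(Finding(ext_id, version, "version-not-pinned"))
    return findings


def to_allowed_setting(allowlist: dict) -> dict:
    """Render the allowlist as a value for VS Code's `extensions.allowed`.

    Assumed shape (verify against the VS Code docs for your version): keys
    are extension IDs, values are `true` or a list of permitted versions,
    and a final "*": false denies anything not listed.
    """
    setting = {ext_id: (True if policy == "*" else sorted(policy))
               for ext_id, policy in allowlist.items()}
    setting["*"] = False
    return setting


def main() -> int:
    # Real use: code --list-extensions --show-versions | python3 check_extensions.py -
    text = sys.stdin.read() if "-" in sys.argv[1:] else SAMPLE_LISTING
    findings = check(parse_listing(text), ALLOWLIST)
    for f in findings:
        print(f"{f.reason}: {f.extension}@{f.version}")
    print(json.dumps({"extensions.allowed": to_allowed_setting(ALLOWLIST)}, indent=2))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run without arguments it evaluates the constructed sample and reports the unapproved version of acme.build-helper and the unlisted someone.random-helper; run as `code --list-extensions --show-versions | python3 check_extensions.py -` it evaluates the real workstation and exits non-zero on any finding, which makes it usable from an endpoint-management job. The generated `extensions.allowed` fragment should be delivered through managed settings or policy, not a user-editable settings.json, since the point is that the developer cannot opt out.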
