GitHub internal repositories breached via malicious VS Code extension; TeamPCP demands $50K for 3,800 stolen repos May 2026.
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
GitHub lost 3,800 internal repos after poisoned Nx Console update exposed developer credentials and supply-chain risk.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results