GitHub confirms breach of 3,800 repos via malicious VSCode extension

If only the company behind VSCode, the company behind NPM and the company behind GitHub could get together and figure out a solution to this.

Vs code extensions have been terrifying for a long time. Such a wild and obvious attack vector. I'm constantly getting pop ups in vscode to install an extension because it recognizes a certain file type. It's 50-50 whether that extension is owned by a company or some random dev. Some of these have millions of installs and on first glance appear to be official company owned extensions. I'm at a point in my life where I only installed official company owned extensions and even that is hard to be sure I'm not getting suckered. Sad state.

I'm more surprised hackers found a large enough uptime window to do this.

This has significant consequences for companies hosting their private repos with GitHub. It's a huge security threat if the attacked has access to the source code. At the very least, GitHub should let people know if their repo was part of the hack or not. It's the most responsible thing to do.

Previous thread in sequence:

GitHub is investigating unauthorized access to their internal repositories - https://news.ycombinator.com/item?id=48201316 - May 2026 (321 comments)

I really hope this pushes Microsoft to add a explicit permission system to VS Code extensions, and improve security of dev containers.

I wonder if this was the compromised nx console extension that bit me yesterday. The timing seems identical. See https://github.com/nrwl/nx-console/security/advisories/GHSA-...

Note that VS Code is built on Electron and it is a pain to sandbox because Electron has (had?) SUID sandbox helper, and you cannot run SUID binaries in sandbox easily. Sandboxing on Linux is extremely difficult task.

Maybe I'm missing something really obvious, but... 3,800 repos? I guess I find it kind of surprising they have that many!

That's one way to make things open source.

Why is the extension not being named?

The forum listing for the stolen source code (per the screenshot in article) says 1 buyer or they leak for free. Is GitHub about to become open source?

But, it did not go down! Progress!

i'd love to be able to use fine grained tokens with gh and not expose every repo and org that i am connected to on github, but you can't see the results of a github actions check that way (no 'Checks' permission available). hoping these breaches push things in the direction of access being less annoying to manage.

The (lack of) security of VSCode has always been astounding. People have asked for sandboxing extensions for years [0] with little to no progress, and issues have been discussed a lot (e.g. [1][2]). I guess it hasn't been a big issue, likely because most developers are not complete idiots. But it only takes one developer and one bad extension to consequences like this.

I mean, I understand that it is hard to sandbox Node.js applications, but apparently Microsoft has put way more effort into their Copilot slop than security.

[0] https://github.com/microsoft/vscode/issues/52116

[1] https://news.ycombinator.com/item?id=42979994

[2] https://news.ycombinator.com/item?id=46855527

My company has extremely strict policies about installing software. We have to call up IT any time we want an application installed. As an engineer it's very annoying to deal with. But they have no policy about extensions and npm/pip packages. It's a time bomb waiting to go off.

I'd have thought that by now, most would have been swapping to WebAssembly. It's really nicely sandboxed, you expose it to only what you want, and you can compile a lot of languages into a WASM form meaning you're not stuck with only Javascript or similar. Am I naive for thinking that?

At what point did/does it start feeling naive to trust the integrity and output of Github Actions on general? Does it feel unlikely that an attacker would be able to get a foothold in that infrastructure?

If you own a GitHub organization and are looking for what changes/controls you can apply to reduce the risk/impact of PAT token exfiltration (and subsequent abuse) like what occurred here, I listed a few at the end of https://blog.bored.engineer/github-canarytokens-5c9e36ad7ecf...

- Enable audit log streaming[1] on your enterprise including source IPs and API requests, even if it’s just going to an S3 bucket nobody looks at it, your incident response team will thank you later.

- Enforce the use of SSO on your GitHub organization[2], not just because SSO is good but because it forces an explicit authorization action[3] by users to grant an SSH key/PAT access to your organization resources, instead of granting access implicitly. That way the PAT created for someone’s weekend project won’t have access to your organization resources.

- Enforce an IP allowlist[4] for your organization from a set of known trusted VPN/corporate IPs. This is by-far the strongest control (and the most painful to rollout) as it will prevent stolen credentials (even if still valid) from being used by an attacker except on the intended systems where you (hopefully) have other visibility/alerting via EDR or related tooling.

- If you can, restrict access from personal access tokens[5] to your organization resources. Blocking classic PATs and enforcing a maximum expiration (ex: 3 months) on fine-grained PATs is a great way to reduce risk if you can’t eliminate PATs altogether[6].

- If you use GitHub enterprise (on-prem), configure collection of the raw HTTP access logs[7] in addition to native GitHub audit logs, it may prove critical during incident response.

[1]: https://docs.github.com/en/enterprise-cloud@latest/admin/mon... [2]: https://docs.github.com/en/enterprise-cloud@latest/authentic... [3]: https://docs.github.com/en/enterprise-cloud@latest/authentic... [4]: https://docs.github.com/en/enterprise-cloud@latest/organizat... [5]: https://docs.github.com/en/enterprise-cloud@latest/organizat... [6]: https://edu.chainguard.dev/open-source/octo-sts/overview/ [7]: https://docs.github.com/en/[email protected]/admin/moni...

What's inside the canada.tar.gz one?

Has there been any confirmation of this from a source other than X? It's weird that that's the only source, and therefore makes me distrust the entire story.

So which extension? Why don't they tell us?

Curious timing that I've started moving private repos to SourceHut a couple of weeks ago. It's pretty good and fast!

I'm also mirroring public ones to Codeberg.

I'll write about it when I'm done.

so how did they exfiltrate the information without noticing? what OS was the developer using? what security measures were they using?

yesterday discussion https://news.ycombinator.com/item?id=48191680

And now, the hackers will be able to scan the repos for more vulnerabilities. Vulnerabilities all the way down.

friendly reminder:

- disable auto-updates for extensions in VS Code/Cursor

- use static analysis for GitHub Actions to catch security issues in pre-commit hook and on ci: https://github.com/zizmorcore/zizmor

- set locally: pnpm config set minimum-release-age 4320 # 3 days in minutes https://pnpm.io/supply-chain-security

- for other package managers check: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e...

- add Socket Free Firewall when installing npm packages on CI to catch malware https://docs.socket.dev/docs/socket-firewall-free#github-act...

A good day not to be using Electronjs trash.

question is why are people still using vscode or coding by hand?

Isn't 50k a bargain for what could potentially be in those files?

Maybe they looked it up and there wasn't anything interesting but then why take the risk for this kind of money?

Something doesn't make sense.

Is it premature to blame AI Microslop?

Another day another issue with Microsoft products, what else can be said :( At least they are being upfront these days.

[dead]

[dead]

Who uses GitHub in 2026