{"data":{"id":"68128445-af3d-4198-8dc7-d2d8893eaa14","title":"GitHub admits major source code leak after 3,800 internal repositories breached","summary":"GitHub confirmed that attackers compromised an employee's device through a poisoned VS Code extension (a malicious add-on program for a code editor), leading to the theft of code from around 3,800 internal repositories. The breach was detected and contained quickly, and GitHub is investigating the incident while validating that no customer data was affected, only internal GitHub code.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4174747/github-admits-major-source-code-leak-after-3800-internal-repositories-breached-2.html","publishedAt":"2026-05-20T15:47:03.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub","Microsoft","Nx Console","AntV","TanStack Router","Trivy","Axios"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-20T15:47:03.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}