GitHub admits major source code leak after 3,800 internal repositories breached
highnews
security
Source: CSO OnlineMay 20, 2026
Summary
GitHub confirmed that attackers compromised an employee's device through a poisoned VS Code extension (a malicious add-on program for a code editor), leading to the theft of code from around 3,800 internal repositories. The breach was detected and contained quickly, and GitHub is investigating the incident while validating that no customer data was affected, only internal GitHub code.
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Microsoft
Related Issues
Monthly digest — independent AI security research
Original source: https://www.csoonline.com/article/4174747/github-admits-major-source-code-leak-after-3800-internal-repositories-breached-2.html
First tracked: May 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 75%