What's new since our earlier coverage: GitHub has now officially confirmed the breach details on X, named the attack vector as a poisoned VS Code extension on an employee device, and disclosed that TeamPCP has since partnered with LAPSUS$ to jointly offer the stolen repositories for $95,000. The Mini Shai-Hulud worm campaign has also expanded to include a compromised Microsoft PyPI package. This post focuses on the confirmed technical details and the practical steps developers and small businesses can take to protect themselves.
One employee. One extension. Roughly 3,800 internal repositories gone.
That's the short version of what happened to GitHub last week, and it's a story worth understanding — not just because GitHub is one of the most important platforms in software development, but because the attack vector used here is sitting on the computers of developers and IT professionals everywhere, including right here in Yuba City.
What Actually Happened
On May 20, 2026, GitHub confirmed on X that it had "detected and contained a compromise of an employee device involving a poisoned VS Code extension." The company removed the malicious extension, isolated the affected endpoint, and immediately began incident response. Critical secrets were rotated, with the highest-impact credentials prioritized first.
The damage, however, was already done. The threat actor known as TeamPCP — also tracked as UNC6780 — claimed access to roughly 4,000 private repositories and listed them for sale on a cybercrime forum for a minimum of $50,000. GitHub's own investigation put the number at approximately 3,800 repositories, calling the attacker's claims "directionally consistent with our investigation so far."
In a later development, The Hacker News reported that the notorious LAPSUS$ cybercrime group teamed up with TeamPCP for a joint sale of the repositories, raising the asking price to $95,000. According to screenshots from Dark Web Informer, the stolen material includes GitHub Actions workflows, Copilot internal projects, CodeQL tools, internal infrastructure, security tools, and code for Codespaces and Dependabot.
GitHub has stated there is currently no evidence that customer data stored outside its internal repositories — meaning your personal or organization repositories — has been impacted. The investigation, however, remains ongoing.
The Uncomfortable Truth About VS Code Extensions
Here's what makes this breach so jarring: it didn't happen because of a sophisticated zero-day exploit or a nation-state operation targeting network infrastructure. It happened because a developer at one of the most security-conscious companies in the world installed an extension that looked legitimate.
Security Affairs put it bluntly: "The VS Code marketplace has a well-documented history of malicious extensions slipping through, and the consequences have been serious. Each incident produces the same response: the extension gets removed, a post-mortem gets written, and developers are reminded to be careful about what they install. Then it happens again."
Aikido Security researcher Charlie Eriksen, quoted by Help Net Security, underscored exactly why this matters: "VS Code extensions have full access to everything on the developer's machine, including credentials, cloud keys, and SSH keys." He also pointed out that the day before the GitHub breach was disclosed, a separate extension called Nx Console — with 2.2 million installs — was also briefly backdoored. The community caught it in 11 minutes. But as Eriksen noted, "you realise how many machines auto-update in that window."
GitHub has not disclosed the name of the specific extension used in their breach.
Who Is TeamPCP?
TeamPCP isn't new to this. According to Help Net Security, the group specializes in supply chain attacks targeting open-source security utilities and AI middleware. Their previous victims include Aqua's Trivy security scanner, CheckMarx's KICS, the LiteLLM library, the Telnyx SDK, TanStack, and MistralAI packages.
Their weapon of choice is a self-replicating worm called Mini Shai-Hulud, which automates supply chain attacks by stealing CI/CD credentials and using them to publish infected versions of further packages. In the latest expansion of this campaign, The Hacker News reported that TeamPCP compromised durabletask, an official Microsoft Python client for the Durable Task workflow execution framework, with three malicious package versions identified: 1.4.1, 1.4.2, and 1.4.3.
According to Endor Labs researcher Peyton Kennedy, the durabletask package is downloaded roughly 417,000 times a month, and "the malicious code runs automatically the moment the package is imported, with no error messages and no visible signs of compromise."
The pattern is consistent and deliberate: target the tools developers trust, poison them quietly, and let the downstream damage multiply on its own.
How to Safely Manage VS Code Extensions Right Now
Whether you're a solo developer, running a small software shop, or just using VS Code as part of your business workflow, here are practical steps you should take today.
Audit Your Currently Installed Extensions
Open VS Code, go to the Extensions panel (Ctrl+Shift+X), and review everything you have installed. For each extension, ask:
- Is this from a verified publisher (look for the blue checkmark badge)?
- Does it have a significant install count and recent, legitimate reviews?
- Do you actually still use it?
Uninstall anything you don't recognize or no longer need. Every unused extension is an unnecessary attack surface.
Check Publisher Authenticity Before Installing
Before installing any new extension, click through to the publisher's profile. Verify that their website matches the one linked in the extension listing. A common tactic is to create extensions with names nearly identical to popular, trusted ones — a few characters off, or a different publisher name that looks plausible at a glance.
Disable Auto-Updates for Extensions (or Review Them)
VS Code extensions auto-update by default. As the Nx Console incident illustrated, an extension can be backdoored and pushed to millions of machines before anyone catches it. You can disable automatic extension updates in VS Code settings (extensions.autoUpdate) and manually review updates before applying them — especially for extensions with broad system permissions.
Apply the Principle of Least Privilege
Review what permissions your extensions actually request. Extensions that need access to your file system, terminal, or network connections deserve extra scrutiny. If an extension for, say, color theme customization is requesting network access, that's a red flag.
Use a Dedicated Development Profile or VM
For businesses doing sensitive development work — especially anything involving customer data, production credentials, or internal code repositories — consider using a separate VS Code profile or even a dedicated virtual machine for development. This limits what a compromised extension can actually reach.
Audit Your Repository Access and Rotate Secrets Regularly
The GitHub breach is a reminder that stolen credentials are often the real prize. Regularly audit who has access to your code repositories, revoke tokens that are no longer needed, and rotate secrets on a defined schedule — not just after an incident.
What This Means for Small Businesses Using Developer Tools
If your business uses GitHub, VS Code, or any CI/CD pipeline tooling, this incident is directly relevant to you. The supply chain attack model that TeamPCP has refined means the risk doesn't just come from visiting a malicious website — it can arrive through a development tool you've trusted for years.
Small businesses running developer environments or using platforms like GitHub for internal projects should treat their development machines with the same security rigor as their servers. That means endpoint protection, regular credential audits, and a clear policy on what software — including extensions and plugins — is approved for installation.
If you're unsure whether your development environment or business workstations are properly secured, our /membership includes real-time protection and vulnerability monitoring that can help catch these threats before they become breaches. We're always happy to take a look.
The GitHub breach didn't require a sophisticated nation-state attack. It required one person, one bad extension, and a marketplace that doesn't yet have the guardrails to stop it. That's a sobering reminder that in 2026, the most dangerous thing on your computer might be the tool you just installed to make your work easier.
