GitHub says a poisoned Visual Studio Code extension let an attacker briefly access some of its internal repositories, in what it now calls a contained breach. The company disclosed new details on X after completing more of its investigation into the incident.
How the Poisoned VS Code Extension Breached GitHub
GitHub says a malicious VS Code extension compromised one employee’s device, and that compromise is what tripped its detection of unauthorized access to internal repositories. According to its incident update, the extension carried hidden code that ran on the developer’s machine once it was installed and activated. That payload then used the employee’s existing credentials and developer tools to reach certain internal GitHub repositories, turning the laptop into a bridge for the attacker.
The company said it immediately removed the malicious extension version from circulation, isolated the compromised endpoint and launched its full incident response process. Investigators reviewed access logs to determine which repositories the attacker reached and what data could have been read or cloned. GitHub said it had found no evidence that the attacker pushed harmful changes to any public code or modified production systems, but it said its review was continuing.
Why VS Code Extensions Are a Growing Weak Spot
Security researchers have been warning for months that VS Code extensions effectively operate as “mini‑admins” on developer machines. Many common extensions can read and write local files, execute code and open network connections, so a single malicious or vulnerable extension can expose an entire business. OX Security’s February research found major issues in four popular VS Code extensions, including Live Server and Code Runner, which had more than 120 million downloads and could be exploited for file theft and remote code execution.
In this case, the compromised extension gave the attacker access to GitHub’s internal environment without any direct attack on GitHub’s core infrastructure. That fits a wider trend in software supply chain attacks, in which attackers target developer tools, CI/CD pipelines and build systems rather than front-end applications. Once inside a developer’s workflow, attackers can move laterally, steal credentials and, if defenses are inadequate, even publish altered packages.
GitHub says it has hardened controls around internal extensions and developer endpoints after the breach. The company is tightening which extensions staff can install, increasing monitoring for unusual repository access and reviewing how teams store and use developer credentials.
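GitHub has not published the tooling behind either the log review mentioned above or the repository-access monitoring it says it is expanding. As an added example (not GitHub’s code), the script below shows the shape of both checks over audit-log style events: a triage pass that lists every repository an account touched in an incident window, and a detection that flags an account which suddenly reads many repositories it has never touched before. The sample lines are constructed to use the field names GitHub’s audit log uses for git events (`action`, `actor`, `repo`, and `@timestamp` in epoch milliseconds); the accounts, repositories, incident window, 15‑minute sliding window and “more than two first-time repos” threshold are all assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Git audit-log actions that read repository contents. A push also marks the
# actor as familiar with a repo, but does not count toward a read burst.
READ_ACTIONS = {"git.clone", "git.fetch"}


def _event(iso_utc, actor, action, repo):
    """Build one constructed audit-log line. GitHub records @timestamp as
    epoch milliseconds; the actors and repos here are invented."""
    ts_ms = int(datetime.fromisoformat(iso_utc).timestamp() * 1000)
    return json.dumps({"@timestamp": ts_ms, "actor": actor,
                       "action": action, "repo": repo})


# Constructed sample: dev-alice's normal week on two repos, then a burst of
# clones on 3 June of repos she has never touched; dev-bob is a control.
SAMPLE_LOG = "\n".join([
    _event("2024-05-27T09:12:00+00:00", "dev-alice", "git.clone", "acme/web-app"),
    _event("2024-05-28T10:05:00+00:00", "dev-alice", "git.push", "acme/web-app"),
    _event("2024-05-29T14:30:00+00:00", "dev-alice", "git.fetch", "acme/api"),
    _event("2024-05-30T11:00:00+00:00", "dev-bob", "git.clone", "acme/web-app"),
    _event("2024-06-01T16:45:00+00:00", "dev-bob", "git.clone", "acme/api"),
    _event("2024-06-03T08:00:00+00:00", "dev-alice", "git.fetch", "acme/web-app"),
    _event("2024-06-03T08:03:00+00:00", "dev-alice", "git.clone", "acme/internal-tooling"),
    _event("2024-06-03T08:04:00+00:00", "dev-alice", "git.clone", "acme/build-scripts"),
    _event("2024-06-03T08:06:00+00:00", "dev-alice", "git.clone", "acme/deploy-config"),
    _event("2024-06-03T08:09:00+00:00", "dev-alice", "git.clone", "acme/secrets-rotation"),
    _event("2024-06-03T09:30:00+00:00", "dev-bob", "git.clone", "acme/docs"),
])

# Triage window for the constructed incident (assumption): 3 June, 08:00-09:00 UTC.
INCIDENT_START = datetime(2024, 6, 3, 8, 0, tzinfo=timezone.utc)
INCIDENT_END = INCIDENT_START + timedelta(hours=1)


def parse_events(text):
    """Parse JSON-lines audit events into dicts with a timezone-aware `ts`,
    returned in time order. Blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "ts": datetime.fromtimestamp(rec["@timestamp"] / 1000, tz=timezone.utc),
            "actor": rec["actor"],
            "action": rec["action"],
            "repo": rec["repo"],
        })
    return sorted(events, key=lambda e: e["ts"])


def repos_accessed(events, actor, start, end):
    """Incident triage: every repo `actor` touched in [start, end], with the
    git actions seen for it, so responders know what could have been read."""
    touched = defaultdict(set)
    for e in events:
        if e["actor"] == actor and start <= e["ts"] <= end:
            touched[e["repo"]].add(e["action"])
    return dict(touched)


def flag_unusual_access(events, window=timedelta(minutes=15), max_new_repos=2):
    """Detection: flag actors who read more than `max_new_repos` distinct
    repositories they had never accessed before, inside one sliding window.
    Returns {actor: sorted repos involved in the burst}. The window and the
    threshold are assumptions to be tuned against a real baseline."""
    by_actor = defaultdict(list)
    for e in events:  # already time-ordered by parse_events
        by_actor[e["actor"]].append(e)

    alerts = {}
    for actor, evs in by_actor.items():
        seen = set()   # repos this actor has touched so far (rolling baseline)
        recent = []    # (ts, repo) of first-time reads still inside the window
        for e in evs:
            first_time = e["repo"] not in seen
            seen.add(e["repo"])
            if not (first_time and e["action"] in READ_ACTIONS):
                continue
            recent.append((e["ts"], e["repo"]))
            recent = [(t, r) for t, r in recent if e["ts"] - t <= window]
            if len(recent) > max_new_repos:
                alerts.setdefault(actor, set()).update(r for _, r in recent)
    return {actor: sorted(repos) for actor, repos in alerts.items()}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("repos dev-alice touched in the incident window:")
    for repo, actions in sorted(repos_accessed(evs, "dev-alice", INCIDENT_START, INCIDENT_END).items()):
        print(f"  {repo}: {', '.join(sorted(actions))}")
    print("actors flagged for a burst of first-time repo reads:", flag_unusual_access(evs))
```

The rolling baseline is the point of the detection: a developer fetching a repo they work in every day never contributes to the count, so a compromised endpoint that reuses that developer’s credentials to pull repositories they have no history with stands out even though every individual request is authorized. On a real deployment the baseline should be seeded from weeks of history before alerting is switched on, and pushes and other write actions deserve their own, lower threshold.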