ITnews

GitHub compromised, allegedly by TeamPCP


Microsoft-owned web-based code hosting and collaboration platform GitHub has confirmed that it has been compromised, following reports that the TeamPCP hacking group had successfully attacked it.



GitHub said one of its employees’ devices was compromised with a “poisoned” Microsoft Visual Studio Code extension (VSX), leading to what the company confirmed as an exfiltration of around 3800 private code repositories.

Paul McCarty of OpenSourceMalware told iTnews the VSX in question was nrwl.angular-console, which has over 2.2 million installations and was compromised on March 18 this year.
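For defenders checking developer workstations after a report like this, the first question is whether the named extension is installed at all. The following Python script is an added example, not code from the article, GitHub or OpenSourceMalware: it walks a VS Code extensions folder, reads each extension's package.json, forms the "publisher.name" ID the way the marketplace does, and flags any ID on a watchlist seeded with the extension named above. The sample folder it builds for a dry run is constructed, and its version numbers are made up; the default install path (~/.vscode/extensions) is the standard one and may differ per platform or profile.

```python
import json
from pathlib import Path

# Extension IDs to flag, in VS Code's "publisher.name" form (lowercase).
WATCHLIST = {"nrwl.angular-console"}


def installed_extensions(ext_dir):
    """Yield (extension_id, version, folder) for every extension under ext_dir."""
    # VS Code installs each extension into its own folder holding a package.json
    # whose "publisher" and "name" fields together form the extension ID.
    root = Path(ext_dir)
    if not root.is_dir():
        return
    for folder in sorted(root.iterdir()):
        manifest = folder / "package.json"
        if not manifest.is_file():
            continue  # extensions.json, .obsolete and similar are not extensions
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than crash
        publisher = str(meta.get("publisher", "")).lower()
        name = str(meta.get("name", "")).lower()
        if publisher and name:
            yield f"{publisher}.{name}", str(meta.get("version", "")), str(folder)


def flag_watchlisted(ext_dir, watchlist=WATCHLIST):
    """Return the installed extensions whose ID is on the watchlist."""
    return [ext for ext in installed_extensions(ext_dir) if ext[0] in watchlist]


def build_sample(root):
    """Write a constructed extensions folder (made-up versions) for a dry run."""
    root = Path(root)
    for folder, publisher, name, version in [
        ("nrwl.angular-console-0.0.1", "nrwl", "angular-console", "0.0.1"),
        ("example.harmless-1.0.0", "example", "harmless", "1.0.0"),
    ]:
        (root / folder).mkdir(parents=True, exist_ok=True)
        manifest = {"publisher": publisher, "name": name, "version": version}
        (root / folder / "package.json").write_text(json.dumps(manifest))
    (root / "extensions.json").write_text("[]")  # metadata file, must be ignored
    return root


if __name__ == "__main__":
    # Scan the real install location; pass build_sample(...) instead for a dry run.
    for ext_id, version, folder in flag_watchlisted(Path.home() / ".vscode" / "extensions"):
        print(f"FLAGGED {ext_id} {version} at {folder}")
```

A hit only tells you the extension is present; the version and install date of the affected build come from the vendor advisory, not from the manifest.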

Screenshots of a web page published on the internet show the TeamPCP hacking group allegedly putting the internal GitHub repositories up for sale.

GitHub said the current exfiltration involves only its internal code repositories.

The code hosting platform is investigating the incident and intends to publish a full report.

iTnews asked GitHub for further details on the breach and was told there is no evidence of impact to customer information stored outside of its internal repositories, such as customers’ own enterprises, organisations and repositories.

“Some of GitHub’s internal repositories contain information from customers, for example, excerpts of support interactions,” the GitHub spokesperson said.

“If any impact is discovered, we will notify customers via established incident response and notification channels.

“We are closely monitoring our infrastructure for follow-on activity.”

TeamPCP is a threat actor known for a run of software supply chain attacks in early 2026, targeting developer tooling and open-source package ecosystems including npm and PyPI.

The group’s campaigns hit a broad set of targets in quick succession: the artificial intelligence application programming interface proxy library LiteLLM, Checkmarx’s GitHub Actions workflows and OpenVSX plugins, and the widely used security scanning tool Trivy.

Researchers also linked TeamPCP to CanisterWorm, an npm publisher compromise that backdoored 29 packages in under 60 seconds using a novel command-and-control (C2) technique that routed traffic through a decentralised Internet Computer Protocol canister rather than a conventional server, making it resistant to standard takedown methods.
