May 23, 2026

GitHub Confirms Breach of 3,800 Internal Repositories via Poisoned VS Code Extension

Microsoft-owned GitHub disclosed that attackers compromised an employee device through a malicious version of the Nx Console VS Code extension, gaining access to thousands of internal repositories. The incident is linked to a broader software supply chain attack. Security researchers say developer tools are increasingly targeted as primary attack vectors.

Microsoft-owned GitHub disclosed in May 2026 that attackers compromised an employee device through a malicious version of the Nx Console VS Code extension, gaining access to approximately 3,800 internal repositories.

The poisoned extension was a modified version of a legitimate developer tool. Attackers distributed it to target developers who use the Nx Console for managing monorepo projects. The malicious version was live for a short period before being identified and removed.

GitHub said the breach is linked to a broader software supply chain attack. The company is investigating the full scope of the incident and has notified affected parties.

The Hacker News reported the breach as part of a growing pattern of attacks targeting developer tools and open-source ecosystems. Security researchers say these tools are attractive targets because they are trusted by developers and often have broad access to code repositories and credentials.

Microsoft also disclosed a separate large-scale phishing operation in May 2026 that compromised accounts across 13,000 organizations in 26 countries, affecting over 35,000 users. The two incidents highlight the scale of cybersecurity threats facing major technology companies.

Cybersecurity experts say AI-assisted hacking is making attacks more sophisticated. Automated tools can now discover vulnerabilities, craft phishing campaigns, and develop malware faster than human defenders can respond.

GitHub said it is reviewing its security practices and working with law enforcement on the investigation.
