May 21, 2026 · Information Security

Malicious VS Code Extension Exposes 3,800 GitHub Private Repos, Hacker Sells Code for $50K

On May 20, GitHub disclosed that a compromised VS Code extension installed by an employee allowed the hacker group TeamPCP to steal credentials, clone roughly 3,800 private repositories, and list the source code for a $50,000 auction on the dark web, highlighting a severe software‑supply‑chain threat.

Credential TheftGitHubInformation Security

0 likes · 8 min read

Malicious VS Code Extension Exposes 3,800 GitHub Private Repos, Hacker Sells Code for $50K

IT Services Circle

Jun 15, 2024 · Information Security

How Researchers Built a Malicious VSCode Extension in 30 Minutes and Exposed Marketplace Security Flaws

A security research team created a counterfeit VSCode extension in half an hour, demonstrated how easily malicious code can be injected and distributed through the VSCode Marketplace, and revealed that dozens of high‑value companies, security firms and even a national court were compromised, highlighting critical gaps in extension vetting and supply‑chain protection.

Information SecurityMalicious ExtensionSecurity Research

0 likes · 10 min read

How Researchers Built a Malicious VSCode Extension in 30 Minutes and Exposed Marketplace Security Flaws