ARTICLE27

3,800 GitHub repos got breached by one VSCode extension. Here's the 5-minute audit that saves yours.

DEV.to AI·May 21, 2026

A malicious VSCode extension breached 3,800 GitHub repositories, exfiltrating tokens and credentials. The attack exploited extension file access permissions to collect sensitive data and send it to an attacker-controlled server.

GitHub cybersecurity VSCode security data breach

Read original ↗