Security News

Cybersecurity news aggregator

📦
HIGH Attacks Reddit r/netsec

GitHub hit by a compromised VSCode extension

supply-chaingithubmalicious-codemitre-ta0001mitre-t1190
GitHub experienced a compromise via a poisoned Visual Studio Code extension installed on an employee device, which led to unauthorized access to internal repositories. The company removed the malicious extension version and isolated the affected endpoint. The article is a brief incident notification and does not provide specific vulnerability details, CVSS scores, affected software versions, fixed versions, or workarounds.
Read Full Article →

GitHub (@github): "1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately." | XCancel

Related Articles

HIGH Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain ... Reddit r/netsec HIGH North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack Mandiant HIGH What OpenClaw revealed about the agent security model SC Media HIGH Malicious Hugging Face Repository Typosquats OpenAI Infosecurity Magazine
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn