2026/05/20/github-confirms-3-800-repositories-were-accessed

GitHub confirms 3,800 repositories were accessed through a malicious VS Code extension tied to earlier internal repo investigation

May 20, 2026, 01:43 PM·bleepingcomputer.com

EDITOR BRIEF

GitHub confirmed that a malicious VS Code extension led to unauthorized access affecting about 3,800 repositories. The report follows an earlier discussion about GitHub investigating access to internal repositories in May 2026.

CONTEXT

The incident highlights how developer tooling has become a high-value attack path, especially when extensions have broad access to source code. Expect more scrutiny of extension supply chains, permissions, and enterprise controls around IDE integrations.

ARTICLE

Previous thread in sequence:<p><i>GitHub is investigating unauthorized access to their internal repositories</i> - <a href="https://news.ycombinator.com/item?id=48201316">https://news.ycombinator.com/item?id=48201316</a> - May 2026 (321 comments)

COMMENTS

Discussion

> geekhaus:~$ next read?

dos.zone

GitHub confirms 3,800 repositories were accessed through a malicious VS Code extension tied to earlier internal repo investigation

EDITOR BRIEF

CONTEXT

ARTICLE

COMMENTS

Discussion

DOS Zone

An OpenAI model has disproved a central conjecture in discrete geometry

Google redesigns Search around Gemini, turning the search box into an AI chat and task assistant

EDITOR BRIEF

CONTEXT

ARTICLE

COMMENTS

Discussion

Next read recommendations

DOS Zone

An OpenAI model has disproved a central conjecture in discrete geometry

Google redesigns Search around Gemini, turning the search box into an AI chat and task assistant