GitHub internal repositories breached through malicious VS Code extension
GitHub has confirmed that nearly 3,800 internal repositories were compromised after an employee installed a malicious Visual Studio Code extension, in one of the most serious supply chain security incidents to hit a major software development platform in recent years.
The intrusion was claimed by TeamPCP, a hacking group linked to a broader campaign targeting open source ecosystems and developer infrastructure since early 2026. The attackers allegedly placed GitHub’s internal source code up for sale on a cybercrime forum for at least $50,000. Screenshots circulating online showed the group threatening to release the stolen material publicly if no buyer emerged.
GitHub said it detected and contained the breach on Monday after identifying the compromised extension. The company isolated the affected workstation, revoked sensitive credentials, and removed the malicious plugin. According to the company’s preliminary investigation, the attackers gained access only to internal repositories and there is currently no evidence that customer repositories or enterprise data outside GitHub’s internal systems were affected.
The attack vector involved a compromised extension distributed through the Visual Studio Code marketplace. VS Code extensions are not sandboxed: they run in the editor's extension host with the full privileges of the logged-in user, so anything that user can read is reachable by extension code. Security researchers believe the malware used that access to steal authentication tokens, SSH keys, cloud credentials, and other sensitive secrets stored on the developer's machine. Reports linked the incident to recent compromises involving the Nx Console extension, although GitHub did not officially confirm which plugin was involved in the intrusion.
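One practical check that follows from this attack vector is an inventory of what is actually installed on developer workstations. The script below is an added example written for this page; it is not GitHub's tooling and not code from any of the parties named in the article. It walks the directory VS Code uses for installed extensions (one folder per extension, each holding a package.json manifest), compares each extension's publisher.name identifier against a hypothetical organisation allowlist, and separately flags extensions that activate without any user action, which is the behaviour a credential stealer needs so it runs on every editor launch. The allowlist contents, the sample extensions and the temporary directory they are written to are constructed for the example.

```python
"""Audit the extensions installed in a VS Code profile against an allowlist.

Added example; not GitHub's tooling and not code from the article.
Assumptions: manifest field names follow the public VS Code extension
manifest (publisher, name, version, activationEvents); ALLOWLIST and the
sample extensions below are hypothetical.
"""
import json
import tempfile
from pathlib import Path

# Hypothetical allowlist of publisher.name identifiers the organisation has reviewed.
ALLOWLIST = {"ms-python.python", "dbaeumer.vscode-eslint"}

# Activation events that run extension code with no user action at all.
AUTO_ACTIVATION = {"*", "onStartupFinished"}


def load_manifests(ext_dir: Path) -> list[dict]:
    """Return the parsed package.json of every extension folder under ext_dir."""
    manifests = []
    for child in sorted(ext_dir.iterdir()):
        path = child / "package.json"
        if not path.is_file():
            continue
        try:
            manifests.append(json.loads(path.read_text(encoding="utf-8")))
        except (OSError, json.JSONDecodeError):
            # An unreadable manifest is itself worth a look; it gets flagged
            # downstream because its identifier cannot be on the allowlist.
            manifests.append({"name": child.name, "publisher": "unreadable"})
    return manifests


def audit_manifest(pkg: dict) -> dict:
    """Produce findings for one extension manifest."""
    ident = f"{pkg.get('publisher', '?')}.{pkg.get('name', '?')}".lower()
    findings = []
    if ident not in ALLOWLIST:
        findings.append("not on allowlist")
    events = set(pkg.get("activationEvents") or [])
    if events & AUTO_ACTIVATION:
        findings.append("activates without user action")
    return {"id": ident, "version": pkg.get("version", "?"), "findings": findings}


def audit_dir(ext_dir) -> list[dict]:
    """Audit every extension under ext_dir; unknown or auto-starting ones are flagged."""
    return [audit_manifest(pkg) for pkg in load_manifests(Path(ext_dir))]


def build_sample_tree() -> Path:
    """Constructed sample: one reviewed extension and one unknown extension
    that activates on every launch, written to a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="vsx-audit-"))
    samples = {
        "ms-python.python-2024.4.1": {
            "name": "python", "publisher": "ms-python", "version": "2024.4.1",
            "activationEvents": ["onLanguage:python"],
            "main": "./out/client/extension",
        },
        "acme.helper-tools-0.0.3": {  # hypothetical unreviewed extension
            "name": "helper-tools", "publisher": "acme", "version": "0.0.3",
            "activationEvents": ["*"],
            "main": "./dist/extension.js",
        },
    }
    for folder, manifest in samples.items():
        d = root / folder
        d.mkdir()
        (d / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Audit the real profile when present, otherwise the constructed sample.
    real = Path.home() / ".vscode" / "extensions"
    target = real if real.is_dir() else build_sample_tree()
    for r in audit_dir(target):
        status = "OK  " if not r["findings"] else "FLAG"
        print(f"{status} {r['id']}@{r['version']} {', '.join(r['findings'])}")
```

The script only reports; on a real workstation most extensions will show "not on allowlist" until the list is populated with what the organisation has actually reviewed. Enforcement belongs in a managed editor policy or endpoint control, and because extension code runs with the user's privileges, any extension flagged here should be treated as a reason to rotate the credentials that user can read, not merely to uninstall it.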
The incident forms part of a wider offensive attributed to TeamPCP against software supply chains. Since March 2026, the group has reportedly targeted several development tools and package ecosystems, including projects linked to Aqua Security, Checkmarx, Microsoft, and npm repositories. The campaign relies on self-propagating malware designed to harvest cloud credentials, password vault contents, and SSH keys from infected environments.
Cybersecurity analysts say the breach highlights growing risks tied to third-party development tools and extensions integrated into modern software engineering workflows. The attack also underscores the increasing importance of securing software supply chains as global companies rely heavily on open source ecosystems and cloud-based development infrastructure.