GitHub Breached: 3,800 Repos Nuked by a Sketchy VSCode Extension

May 21, 2026 · 2 min read

GitHub confirms 3,800 repos were compromised via a malicious VSCode extension. Time to audit your editor before your source code gets leaked.

Original source: https://coding4food.com/post/github-leak-3800-repo-via-malicious-vscode-extension-en. Content is property of Coding4Food.

Imagine sipping your morning coffee, checking your emails, and boom—GitHub tells you your private repos just got fully exposed. Spoiler alert: the culprit was living rent-free right inside your favorite code editor.

TL;DR: How a random extension ruined thousands of weekends

GitHub just dropped a bombshell, confirming a massive unauthorized access incident. Here is the breakdown for the busy devs:

  • The casualty count is rough: Around 3,800 repositories were illegally accessed.
  • The vector? Not a direct hack on GitHub's infrastructure, but a malicious VSCode extension that sneaked its way into developers' local setups.
  • The workflow was pure evil: You install a handy-looking extension -> it silently steals your GitHub authentication tokens -> sends them back to the attacker's server -> the attacker clones your private life.
  • This is a textbook supply chain attack. Devs have a bad habit of blind-trusting the VSCode Marketplace, hitting "Install" on shiny new tools without checking if the publisher is actually legit or just some random script kiddie.

Hacker News & Reddit are throwing hands

While the main Hacker News thread is still brewing, dev communities across the internet are already splitting into factions:

  • The Panicking Devs: "FML, I woke up to a GitHub alert. Now I have to rotate every single token, audit my entire codebase for backdoors, and explain this to my PM. Kill me now."
  • The Microsoft Blamers: "The VSCode marketplace is becoming a wild west. Microsoft needs to properly vet this garbage before letting anyone upload an extension. The review process is a joke!"
  • The Vim Elitists: "This is exactly why I use Neovim with zero third-party plugins. By the way, if you accidentally hardcoded your cloud VPS keys or crypto wallet mnemonics in those private repos, you're officially cooked."

C4F's Takeaway: Survival rules for the paranoid dev

We trust our IDEs too much. To avoid becoming the main character of the next tech disaster, keep these survival rules in mind:

Stop treating the VSCode Marketplace like a free candy van. Check the publisher, check the download count, and read the damn reviews before clicking install.

Embrace the Principle of Least Privilege. When generating a Personal Access Token (PAT), don't just grant it God-mode access to everything out of laziness. Scope it down!

Lastly, do a spring cleaning of your extensions. If you haven't used that "Super Rainbow Bracket Colorizer 9000" in six months, uninstall it. Fewer extensions, less attack surface.
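One way to run the publisher check and the spring cleaning over what is already installed, as an added example that is not from the original post: it reads each extension's `package.json` under the per-user extensions folder and lists everything whose publisher is not on an allowlist. The `TRUSTED_PUBLISHERS` list and the 0.8 similarity cutoff are assumptions to replace with your own, and the lookalike-name check goes a step beyond what the rules above spell out.

```python
import difflib
import json
from pathlib import Path

# Assumption: publisher IDs your team has vetted; replace with your own list.
TRUSTED_PUBLISHERS = ["ms-python", "ms-vscode", "redhat"]


def audit_extensions(ext_dir, trusted=TRUSTED_PUBLISHERS, cutoff=0.8):
    """Return (extension_id, version, reason) for every extension that needs review."""
    trusted = sorted(p.lower() for p in trusted)
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(meta, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # A manifest that cannot be parsed is itself worth a manual look.
            findings.append((manifest.parent.name, None, "unreadable manifest"))
            continue
        publisher = str(meta.get("publisher", "")).lower()
        ext_id = f"{publisher}.{meta.get('name', '')}"
        if publisher in trusted:
            continue
        # A near-miss of a vetted publisher is a stronger signal than an unknown one.
        lookalike = difflib.get_close_matches(publisher, trusted, n=1, cutoff=cutoff)
        if lookalike:
            reason = f"publisher resembles trusted '{lookalike[0]}'"
        else:
            reason = "publisher not on allowlist"
        findings.append((ext_id, meta.get("version"), reason))
    return findings


if __name__ == "__main__":
    # Default per-user install location for VS Code on Linux, macOS and Windows.
    for ext_id, version, reason in audit_extensions(Path.home() / ".vscode" / "extensions"):
        print(f"{ext_id} {version}: {reason}")
```

Anything it prints is a candidate for either vetting or uninstalling; an empty result means every installed publisher is already on your list.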

Source:

  • BleepingComputer: GitHub confirms breach of 3,800 repos via malicious VSCode extension