GitHub's VS Code Extension Breach: What We Know, What We Don't, and How to Defend
GitHub says an employee device was compromised through a poisoned third-party VS Code extension and internal repositories were exfiltrated. Here is the fact-checked breakdown for defenders.