Bleeping Computer:

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension.

The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device.

"Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately," the company said.

"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far."

For GitHub, when it rains, it pours. Aaron Holmes in The Information, the day before yesterday:

The AI boom has boosted usage and revenue of the code repository as well as GitHub Copilot, an AI coding assistant. But GitHub has struggled to respond to new AI coding competitors that have since overtaken it. And the service has suffered from frequent and major outages, peeving big customers and prompting Microsoft to issue an apology.

I wonder what the last straw is going to be. I feel that GitLab and open-source options are going to start becoming veeeeeeeeeery popular soon.