GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. [...]
GitHub confirms breach of 3,800 repos via malicious VSCode extension
Summary + source link. No paywalls, no tracking.