How a poisoned VS Code extension breached GitHub — and the npm attack that started it all
This week GitHub confirmed that roughly 3,800 of its internal repositories were breached after an employee installed a malicious VS Code extension. The extension was live on the official Visual Studio Marketplace for 18 minutes. That was enough. The breach didn’t come out of nowhere. It’s the latest escalation in a coordinated supply chain campaign by a threat group called TeamPCP — and it connects back to a sophisticated npm attack that happened ten days earlier. Here’s how the whole thing fits together. ...