GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

· Source: VentureBeat · Field: Technology & Digital — Cybersecurity & Data Privacy, Software Development & Engineering, Artificial Intelligence & Machine Learning · Depth: Advanced, medium

Summary

GitHub confirmed on May 20, 2026, that approximately 3,800 internal repositories were stolen via a poisoned VS Code extension installed on an employee's device. The threat group TeamPCP (UNC6780) claimed responsibility, advertising the stolen data for sale starting at \$50,000. This incident is part of a broader "Mini Shai-Hulud" supply chain worm campaign, which also saw 639 malicious npm package versions with forged Sigstore provenance, a compromised GitHub Actions workflow, and Microsoft's durabletask Python SDK breached on PyPI, all around May 19. Additionally, a compromised Nx Console VS Code extension with 2.2 million installs was reported on May 18. The period also saw disclosures of AI agent vulnerabilities, including auto-execution of untrusted servers and prompt injection leading to RCE, alongside a significant increase in identity theft via social channels.

Key takeaway

For Security Engineers managing development pipelines and AI agent deployments, you must immediately reassess your supply chain and AI runtime security posture. The recent GitHub breach and widespread worm attacks demonstrate that provenance checks and trust dialogs are insufficient. You should prioritize rotating all GitHub-issued tokens, pinning VS Code extension versions, and configuring AI agents to require explicit server approvals. Additionally, upgrade Semantic Kernel to mitigate prompt injection risks and integrate social channels into insider threat playbooks.

Key insights

Chained supply chain and AI agent vulnerabilities are actively exploited, bypassing traditional security measures.

Principles

Method

The Mini Shai-Hulud worm forges Sigstore certificates at runtime. Detect by running `find . -name 'router_init.js' -size +1M` and `grep` for hash `79ac49eedf774dd4b0cfa308722bc463cfe5885c`.

In practice

Topics

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, Software Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by VentureBeat.