Technology & Science

TeamPCP Heist: Malicious VS Code Extension Breaches 3,800 GitHub Internal Repositories

On 20 May 2026 GitHub revealed that a single poisoned Visual Studio Code plugin on an employee laptop let the TeamPCP supply-chain gang siphon off roughly 3,800 of its private repositories, which the hackers are now offering for at least US $50,000 on underground forums.

By Underlines Team

Focusing Facts

  1. TeamPCP’s BreachForums listing advertises “~4,000” GitHub repos for sale with a minimum price tag of $50k and promises a free leak if no buyer emerges.
  2. GitHub says it rotated high-impact secrets within hours and has found no evidence of customer-hosted repos or enterprises being touched.
  3. Investigators traced the entry point to the nrwl.angular-console VS Code extension, installed over 2.2 million times before the compromise was pulled.

See how 3 sources reported this story.

Where they agree. Where they disagree. What they left out.

  • Full multi-perspective analysis on every story
  • Primary source links for every claim
  • Daily email briefing — no algorithm

Perspectives in this article

  • Cybersecurity trade press
  • General tech news sites
  • Crypto & finance-focused media
Share

Related Stories