GitHub updates security incident investigation: An employee's device was compromised, involving a contaminated VS Code extension
By: rootdata|2026/05/20 12:43:32
0
Share
GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.
Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."
You may also like
Recovering cryptocurrency assets is a lucrative business that quietly makes a fortune
With the popularity of cryptocurrency wallets, cases of daily asset "disappearance" such as wrong chain deposits, mnemonic phrase errors, and exchange freezes are on the rise, and professional cryptocurrency asset recovery services are growing into a new market with a scale of hundreds of billions.
Gemini 3.5 is here! Tonight, Google personally eliminates Google
Chopping wood and Hassabis cleared out everything in one night! Gemini Omni generates videos from any input, 3.5 Flash crushes everything, and Spark works for you 24/7 in the cloud. This time, Google aims to bury both OpenAI and Anthropic together.
Duan Yongping establishes a position in a cryptocurrency company for the first time: Why Circle?
The stablecoin company represented by Circle is becoming the bridge that is easiest for traditional capital to understand and accept.
Vitalik: What is the key to the next phase of Ethereum?
"Code is law" — this is one of the earliest beliefs in the blockchain world. But what if the code itself has bugs? What if AI makes bugs ubiquitous? This is the question that Vitalik's latest long article attempts to answer.
Interlace: A global leader in Agentic Payment and stablecoin infrastructure platform, building the next generation of digital financial foundation
Interlace has launched two innovative products, Agent Card and Scan to Pay, bridging traditional finance and the crypto world, and comprehensively accelerating the integration of AI Agent consumption and stablecoin payments into everyday business scenarios with a more secure and efficient enterprise...
Morning Report | Musk's xAI launches Skills; Duan Yongping to first build position in Circle in Q1 2026; Polymarket partners with Nasdaq to launch prediction market
Overview of Important Market Events on May 19
Dialogue with Lead Bank Founder Jackie: American Banks Re-embrace Crypto
Excellent crypto companies are not those that are "best at circumventing regulations," but those that are "best at evolving in collaboration with regulations."
Vitalik: What we need to do is not to fight against AI, but to create a sanctuary
What is truly scarce is not computing power, but people who are willing to think proactively and retain sovereignty.
Morning News | VanEck and Grayscale submitted BNB ETF amendments on the same day; BlackRock discusses investing billions of dollars in SpaceX's IPO; Michael Saylor releases Bitcoin Tracker information again
Overview of Important Market Events on May 17
Crypto ETF Weekly | Last week, the net outflow of Bitcoin spot ETFs in the United States was $995 million; the net outflow of Ethereum spot ETFs in the United States was $255 million
Avenir Group solidifies its position as the largest Bitcoin ETF institutional holder in Asia, ranking first in the region for eight consecutive seasons.
This Week's News Preview | The Federal Reserve Releases the Last FOMC Minutes of the "Powell Era"
Highlights of the week from May 18 to May 24.
Blockchain Capital Partner: Most people's understanding of on-chain economy is narrow
In the author's view, the most astonishing things in the blockchain space have yet to be created. Flash loans give us a glimpse, but this is just the tip of the iceberg.
The ambition of "one account trading global assets": How does CoinUp.io break down asset barriers to become an industry dark horse?
Create a diversified financial ecosystem through collaboration between CEX and public chains.
How long will it take for the GPU futures market when computing power is commoditized?
Will computing power be the next major commodity? Examining the GPU futures market from five dimensions: it is still too early to talk about an explosion; the real breakthrough variable lies within the wave of open-source models and inference demand.
Harvard University loses $150 million in cryptocurrency! Has completely liquidated Ethereum and significantly reduced its Bitcoin ETF positions
In just two quarters, Harvard's public holdings in crypto assets fell from a peak of $443 million to about $117 million.
BNB Chain releases a research report exploring the migration path of BSC to post-quantum cryptography
The report explores the specific performance and implementation path impacts of replacing traditional blockchain cryptography with anti-quantum methods, including the use of ML-DSA-44 as a transaction signature scheme and the use of pqSTARK aggregated verifier consensus signatures.
After the number of developers was halved: Crypto is not dead, it has just handed over talent to AI
The trust, coordination, and verification issues encountered in the scaling of AI will ultimately require the mechanism design capabilities accumulated by the crypto industry to resolve.
"JUST 6th Anniversary x GasFree Super Carnival Month" is here: Enjoy "0" Gas transfer freedom and share a prize pool of 10,000 USDT
The total prize pool for this grand event reaches 10,000 USDT, covering multiple gameplay options such as the GasFree activation challenge, the exclusive prize pool for the pizza festival, the JUST 6th anniversary lucky koi, and knowledge competitions.
Recovering cryptocurrency assets is a lucrative business that quietly makes a fortune
With the popularity of cryptocurrency wallets, cases of daily asset "disappearance" such as wrong chain deposits, mnemonic phrase errors, and exchange freezes are on the rise, and professional cryptocurrency asset recovery services are growing into a new market with a scale of hundreds of billions.
Gemini 3.5 is here! Tonight, Google personally eliminates Google
Chopping wood and Hassabis cleared out everything in one night! Gemini Omni generates videos from any input, 3.5 Flash crushes everything, and Spark works for you 24/7 in the cloud. This time, Google aims to bury both OpenAI and Anthropic together.
Duan Yongping establishes a position in a cryptocurrency company for the first time: Why Circle?
The stablecoin company represented by Circle is becoming the bridge that is easiest for traditional capital to understand and accept.
Vitalik: What is the key to the next phase of Ethereum?
"Code is law" — this is one of the earliest beliefs in the blockchain world. But what if the code itself has bugs? What if AI makes bugs ubiquitous? This is the question that Vitalik's latest long article attempts to answer.
Interlace: A global leader in Agentic Payment and stablecoin infrastructure platform, building the next generation of digital financial foundation
Interlace has launched two innovative products, Agent Card and Scan to Pay, bridging traditional finance and the crypto world, and comprehensively accelerating the integration of AI Agent consumption and stablecoin payments into everyday business scenarios with a more secure and efficient enterprise...
Morning Report | Musk's xAI launches Skills; Duan Yongping to first build position in Circle in Q1 2026; Polymarket partners with Nasdaq to launch prediction market
Overview of Important Market Events on May 19
Contents
Popular coins
Latest Crypto News
Read more
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
