GitHub confirms breach of 3,800 repos via malicious VSCode extension (bleepingcomputer.com)

• Malicious VSCode extension stole access tokens
• 3,800 repositories compromised
• GitHub recommends token revocation and review

"GitHub confirmed that a malicious Visual Studio Code extension compromised approximately 3,800 repositories. The extension stole access tokens, allowing attackers to push code into legitimate repos. GitHub advised users to revoke tokens and review extensions."