// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
Breach Record

GitHub

DISCLOSED 2026-05-29 · MALWARE

GitHub confirmed that approximately 3,800 internal repositories were impacted after an employee device was compromised. The breach originated from a poisoned VS Code extension. No details on exposed data or records were provided.

The record

What we know

Disclosed
2026-05-29
Attack vector
Malware
Sector
Technology
Country
US
Domain
github.com
ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · partial · opinion

A positive-security model might have prevented the malicious extension from executing if it was not part of a known-good state, but could be bypassed if the extension was signed or appeared legitimate.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other malware breaches on file

This page is the permanent ColdRecon entry for the GitHub disclosure. It updates if new public reporting emerges. All tracked breaches →

GitHub just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →