// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
Breach Record

GitHub

DISCLOSED 2026-05-20 · UNKNOWN

Attackers compromised a GitHub employee's device using a weaponized Visual Studio Code extension, leading to unauthorized access and exfiltration of data from internal source code repositories. The breach was confirmed by GitHub on May 18, 2026.

The record

What we know

Disclosed
2026-05-20
Sources

Cited reporting

This page is the permanent ColdRecon entry for the GitHub disclosure. It updates if new public reporting emerges. All tracked breaches →

GitHub just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →