GitHub updates security incident investigation: An employee's device was compromised, involving a contaminated VS Code extension
By: rootdata|2026/05/20 12:43:32
0
Share
GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.
Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."
You may also like
The tokenized market will reach a trillion-dollar scale, but there are still four major obstacles
Tokenizing trillions of dollars in assets is no longer a question of "if it will happen," but rather a question of who will build the applications for issuing, trading, and custodial services for these assets on a global scale.
WEEX Crypto Pizza Day: Join Us in Dubai for a Slice of Crypto History
Join WEEX in Dubai for a Bitcoin Pizza Day celebration of the first bitcoin transaction – 10,000 BTC for pizza (now worth $774,880,000 by the time of writing). Live trading, poker, and networking with crypto elites. Join WEEX, for a slice of crypto history.
Harvard and other institutions are liquidating their assets, and six core talents have left in a month. What is happening with Ethereum?
Vitalik's long-term vision is clear, but the realization of that vision requires stable coordination capabilities and continuous experience accumulation, both of which seem to be rapidly diminishing.
WEEX P2P now supports KES—Merchant Recruitment Now Open
To make crypto deposits easier, WEEX has officially launched its P2P trading platform and continues to expand fiat support. We're excited to announce that the Kenyan Shilling (KES) is now available on WEEX P2P!
Recovering cryptocurrency assets is a lucrative business that quietly makes a fortune
With the popularity of cryptocurrency wallets, cases of daily asset "disappearance" such as wrong chain deposits, mnemonic phrase errors, and exchange freezes are on the rise, and professional cryptocurrency asset recovery services are growing into a new market with a scale of hundreds of billions.
Gemini 3.5 is here! Tonight, Google personally eliminates Google
Chopping wood and Hassabis cleared out everything in one night! Gemini Omni generates videos from any input, 3.5 Flash crushes everything, and Spark works for you 24/7 in the cloud. This time, Google aims to bury both OpenAI and Anthropic together.
Duan Yongping establishes a position in a cryptocurrency company for the first time: Why Circle?
The stablecoin company represented by Circle is becoming the bridge that is easiest for traditional capital to understand and accept.
Vitalik: What is the key to the next phase of Ethereum?
"Code is law" — this is one of the earliest beliefs in the blockchain world. But what if the code itself has bugs? What if AI makes bugs ubiquitous? This is the question that Vitalik's latest long article attempts to answer.
Interlace: A global leader in Agentic Payment and stablecoin infrastructure platform, building the next generation of digital financial foundation
Interlace has launched two innovative products, Agent Card and Scan to Pay, bridging traditional finance and the crypto world, and comprehensively accelerating the integration of AI Agent consumption and stablecoin payments into everyday business scenarios with a more secure and efficient enterprise...
Morning Report | Musk's xAI launches Skills; Duan Yongping to first build position in Circle in Q1 2026; Polymarket partners with Nasdaq to launch prediction market
Overview of Important Market Events on May 19
WEEX P2P now supports COP—Merchant Recruitment Now Open
To make crypto deposits easier, WEEX has officially launched its P2P trading platform and continues to expand fiat support. We're excited to announce that the Colombian Peso (COP) is now available on WEEX P2P!
Dialogue with Lead Bank Founder Jackie: American Banks Re-embrace Crypto
Excellent crypto companies are not those that are "best at circumventing regulations," but those that are "best at evolving in collaboration with regulations."
Vitalik: What we need to do is not to fight against AI, but to create a sanctuary
What is truly scarce is not computing power, but people who are willing to think proactively and retain sovereignty.
Morning News | VanEck and Grayscale submitted BNB ETF amendments on the same day; BlackRock discusses investing billions of dollars in SpaceX's IPO; Michael Saylor releases Bitcoin Tracker information again
Overview of Important Market Events on May 17
Crypto ETF Weekly | Last week, the net outflow of Bitcoin spot ETFs in the United States was $995 million; the net outflow of Ethereum spot ETFs in the United States was $255 million
Avenir Group solidifies its position as the largest Bitcoin ETF institutional holder in Asia, ranking first in the region for eight consecutive seasons.
This Week's News Preview | The Federal Reserve Releases the Last FOMC Minutes of the "Powell Era"
Highlights of the week from May 18 to May 24.
Blockchain Capital Partner: Most people's understanding of on-chain economy is narrow
In the author's view, the most astonishing things in the blockchain space have yet to be created. Flash loans give us a glimpse, but this is just the tip of the iceberg.
The ambition of "one account trading global assets": How does CoinUp.io break down asset barriers to become an industry dark horse?
Create a diversified financial ecosystem through collaboration between CEX and public chains.
The tokenized market will reach a trillion-dollar scale, but there are still four major obstacles
Tokenizing trillions of dollars in assets is no longer a question of "if it will happen," but rather a question of who will build the applications for issuing, trading, and custodial services for these assets on a global scale.
WEEX Crypto Pizza Day: Join Us in Dubai for a Slice of Crypto History
Join WEEX in Dubai for a Bitcoin Pizza Day celebration of the first bitcoin transaction – 10,000 BTC for pizza (now worth $774,880,000 by the time of writing). Live trading, poker, and networking with crypto elites. Join WEEX, for a slice of crypto history.
Harvard and other institutions are liquidating their assets, and six core talents have left in a month. What is happening with Ethereum?
Vitalik's long-term vision is clear, but the realization of that vision requires stable coordination capabilities and continuous experience accumulation, both of which seem to be rapidly diminishing.
WEEX P2P now supports KES—Merchant Recruitment Now Open
To make crypto deposits easier, WEEX has officially launched its P2P trading platform and continues to expand fiat support. We're excited to announce that the Kenyan Shilling (KES) is now available on WEEX P2P!
Recovering cryptocurrency assets is a lucrative business that quietly makes a fortune
With the popularity of cryptocurrency wallets, cases of daily asset "disappearance" such as wrong chain deposits, mnemonic phrase errors, and exchange freezes are on the rise, and professional cryptocurrency asset recovery services are growing into a new market with a scale of hundreds of billions.
Gemini 3.5 is here! Tonight, Google personally eliminates Google
Chopping wood and Hassabis cleared out everything in one night! Gemini Omni generates videos from any input, 3.5 Flash crushes everything, and Spark works for you 24/7 in the cloud. This time, Google aims to bury both OpenAI and Anthropic together.
Contents
Popular coins
Latest Crypto News
21:43
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
