THREATNOIR
Subscribe
Back to Feed
Supply ChainMay 20, 2026

GitHub, a company owned by Microsoft, was compromised. A GitHub employee browsing the VS Code ma...

GitHub employee unknowingly installed malicious VS Code extension from marketplace.

Read at source

Summary

A GitHub employee was compromised after installing a malicious Visual Studio Code extension from the VS Code Marketplace. The incident highlights supply chain risks within Microsoft-owned ecosystems, where trusted platforms can be vectors for malware distribution. Microsoft maintains guidance on securing extension installations, yet the marketplace was exploited to target an insider.

Indicators of Compromise

  • malware — malicious VS Code extension

Entities

Microsoft (vendor)GitHub (product)Visual Studio Code (product)VS Code Marketplace (product)