[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frK6NS447djjnw4OIVXowIYHBVdU8t7Oj289kaXUioVw":3},{"article":4,"iocs":48},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":28,"category":29,"article_tags":32},"6ccc6890-57eb-4f83-a147-eae435ba2ee7","GitHub, a company owned by Microsoft, was compromised.\n\nA GitHub employee browsing the VS Code ma...","github-a-company-owned-by-microsoft-was-compromised-a-github-employee-browsing-t-36acc2","GitHub, a company owned by Microsoft, was compromised.\n\nA GitHub employee browsing the VS Code marketplace, an asset owned and operated by Microsoft, inadvertently donated a malicious VS Code extension, which Microsoft offers guidance and best practices on to avoid https:\u002F\u002Ft.co\u002FZyXj4lxl94 https:\u002F\u002Ft.co\u002FQGHXMwAf5I","A GitHub employee was compromised after installing a malicious Visual Studio Code extension from the VS Code Marketplace. The incident highlights supply chain risks within Microsoft-owned ecosystems, where trusted platforms can be vectors for malware distribution. Microsoft maintains guidance on securing extension installations, yet the marketplace was exploited to target an insider.","GitHub employee unknowingly installed malicious VS Code extension from marketplace.",null,"https:\u002F\u002Fx.com\u002Fvxunderground\u002Fstatus\u002F2056980048695984549","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIvcPCVWgAANwTR.jpg","2026-05-20T06:07:15+00:00","2026-05-20T07:00:08.877484+00:00",7,[18,21,24,26],{"name":19,"type":20},"Microsoft","vendor",{"name":22,"type":23},"GitHub","product",{"name":25,"type":23},"Visual Studio Code",{"name":27,"type":23},"VS Code Marketplace","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":28,"icon":11,"name":30,"slug":31},"Supply Chain","supply-chain",[33,38,43],{"category":34},{"id":35,"icon":11,"name":36,"slug":37},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":39},{"id":40,"icon":11,"name":41,"slug":42},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":44},{"id":45,"icon":11,"name":46,"slug":47},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",[49],{"type":42,"value":50,"context":51},"malicious VS Code extension","Distributed via official VS Code Marketplace to compromise GitHub employee"]