GitHub confirmed that 3,800 internal repositories were breached after an employee installed a malicious VSCode extension from Microsoft’s official marketplace. The TeamPCP hacker group claimed responsibility and is selling the stolen code for at least $50,000.