blindthoughts
security-infra · Yesterday · 1:01 PM UTC

The VS Code Extension That Broke GitHub

This week's dominant story isn't a zero-day in enterprise software — it's developers themselves becoming the attack surface, their tools weaponized before a single line of production code is touched.

GitHub's 3,800-Repository Breach Started With One Extension

GitHub confirmed that roughly 3,800 internal repositories were compromised after a single employee installed a malicious VS Code extension. The breach, initially claimed by the TeamPCP hacker group, extended to Grafana Labs as well, where source code was exposed via a poisoned TanStack npm package embedded in their build pipeline. Grafana says customer production systems were unaffected — but that framing undersells the exposure. Private source repositories are the blueprint for everything downstream. The vector here — developer tooling — is harder to monitor than endpoint malware precisely because extensions and packages are actively trusted by the IDE and the CI runner.
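One way to make the installed-extension set on a developer machine visible, as an added example that is not from the original article or from GitHub: it reads each extension's `package.json` manifest and reports anything missing from an approved list, noting extensions that activate at startup. The allowlist entries and the sample manifests are constructed, and the script assumes the per-user VS Code extensions directory (`~/.vscode/extensions`) with one manifest per extension folder.

```python
import json
import tempfile
from pathlib import Path

# Hypothetical allowlist of "publisher.name" IDs approved by the security team.
APPROVED = {"ms-python.python", "dbaeumer.vscode-eslint"}
# Activation events that run extension code at startup with no user action.
EAGER_EVENTS = {"*", "onStartupFinished"}

def audit_extensions(ext_dir, approved=APPROVED):
    """Return one finding per installed extension that is not on the allowlist."""
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            meta = None
        if not isinstance(meta, dict):
            findings.append({"id": manifest.parent.name, "reason": "unreadable manifest"})
            continue
        ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}".lower()
        if ext_id in approved:
            continue
        events = meta.get("activationEvents") or []
        eager = any(e in EAGER_EVENTS for e in events if isinstance(e, str))
        findings.append({
            "id": ext_id,
            "version": meta.get("version", "?"),
            "reason": "not approved, runs at startup" if eager else "not approved",
        })
    return findings

def build_sample_tree(root):
    """Write constructed sample manifests (not real extensions) under root."""
    samples = [
        {"publisher": "ms-python", "name": "python", "version": "1.0.0"},
        {"publisher": "Example-Pub", "name": "theme-pack", "version": "0.3.1",
         "activationEvents": ["*"]},
        {"publisher": "example-pub", "name": "linter", "version": "2.0.0",
         "activationEvents": ["onLanguage:json"]},
    ]
    for s in samples:
        d = Path(root) / f"{s['publisher']}.{s['name']}-{s['version']}"
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(s), encoding="utf-8")
    return root

if __name__ == "__main__":
    # On a real machine, pass Path.home() / ".vscode" / "extensions" instead.
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extensions(build_sample_tree(tmp)):
            print(finding)
```

Run on a schedule and diffed against the previous output, the findings list gives a change record for a class of software that endpoint tooling usually does not inventory.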

Six Hundred npm Packages in One Wave

The Shai-Hulud campaign published more than 600 malicious packages to npm in a single push. A subsequent analysis identified four packages delivering infostealers and Phantom Bot DDoS malware, one of which is a direct clone of the TeamPCP-authored Shai-Hulud worm — suggesting the tooling is spreading across crews. Researchers separately documented three coordinated campaigns hitting npm, PyPI, and Docker Hub within 48 hours, all targeting credentials and secrets on developer machines rather than production hosts. The attacker logic is coherent: steal signing keys and API tokens from a laptop, and you own the pipeline without ever touching a server.

YellowKey Gives BitLocker a Bad Week

Microsoft issued a mitigation for CVE-2026-45585, a BitLocker security feature bypass carrying a CVSS score of 6.8. YellowKey allows an attacker with physical or local access to read a protected drive without the encryption key. Practical mitigations are available, but a full patch has not shipped. For environments relying on BitLocker as a sole data-at-rest control, the flaw is a useful reminder that full-disk encryption buys you physical-loss protection, not defense against a local session.

Turla Rewires Kazuar Into a Peer-to-Peer Botnet

The Russian state-sponsored group Turla has refactored its Kazuar backdoor into a modular P2P botnet, a meaningful architectural shift designed to eliminate the single point of failure that centralized C2 represents. Infected hosts now relay instructions through each other; losing one node doesn't break the network, and there's no server to seize or sinkhole. CISA has previously attributed Turla to Russia's FSB. The evolution tracks a broader pattern among well-resourced threat actors: spend the tooling budget on resilience, not novelty.

AI Infrastructure Has a Vulnerability Problem

A max-severity flaw in ChromaDB — the vector database at the core of many LLM application stacks — allows unauthenticated remote code execution on exposed instances. ChromaDB is routinely deployed without authentication in development environments and, with some frequency, left that way in production. The risk profile is broad: any team building RAG pipelines or AI search that exposed a ChromaDB instance without a network boundary is a candidate for full server compromise. The pattern is not new — fast adoption, authentication as an afterthought, exposure before anyone audits the defaults.

The through-line this week is trust. Attackers are not battering hardened perimeters; they are walking through channels defenders have explicitly allowed — package managers, IDE extension marketplaces, AI infrastructure, VPN appliances. When the intrusion vector is indistinguishable from normal developer workflow, signature-based detection is largely beside the point.