GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved unauthorized access to internal repositories via a compromised employee device using a poisoned VS Code extension. GitHub has contained the incident, rotated critical secrets, and is investigating the extent of the exfiltration, which appears to be limited to internal code.