GitHub suffered a compromise; details are sparse but the incident is confirmed and actively discussed.
Key Takeaways
Source page was inaccessible at fetch time; all concrete details below come from HN comments and the story title.
The compromise appears linked to a poisoned VS Code extension, based on commenter discussion.
Availability issues on GitHub were reported at the same time as, or before, the compromise was disclosed.
Hacker News Comment Review
Commenters converged on a poisoned VS Code extension as the attack vector, with several noting that extension and theme installs in VS Code carry the same supply-chain risk as PyPI or Docker Hub packages.
Security-conscious commenters drew parallels to npm/PyPI poisoning incidents; enterprises that already restrict those registries will likely need to extend controls to the VS Code Marketplace.
Thread quality was flagged as low, with multiple commenters noting AI-generated replies crowding out useful signal.
Notable Comments
@norman784: Stopped installing random VS Code extensions and themes entirely due to supply-chain risk.
@rbanffy: Asks how the extension got poisoned and notes enterprises will now need Marketplace restrictions alongside Docker Hub and PyPI blocks.