2026 · 05 · 20
4 min read
The GitHub VS Code Extension Breach, in Threat-Model Terms
GitHub's internal repos got exfiltrated through a poisoned VS Code extension. Here's the threat model that actually matters — and what credential-storage architecture can and can't do about it.
securityincidentsecretssupply-chain
