A breach of GitHub's internal repositories has been confirmed, resulting from a malicious Visual Studio Code (VS Code) extension. The threat group TeamPCP has taken responsibility for the hack, highlighting the vulnerability of even prominent organizations to supply chain attacks. The breach is particularly concerning given GitHub's central role in the development of software used worldwide. Technical details of the breach have not been fully disclosed, but the use of a malicious VS Code extension suggests a highly targeted attack. The breach has significant implications for the security of the software development process, as compromised internal repositories could potentially lead to the introduction of vulnerabilities in widely used code [1]. This matters to practitioners because a breach of this nature can have far-reaching consequences, including the potential for downstream vulnerabilities in dependent software projects.