Stefano Marinelli
coldclimate@stefano source?
dch 
@coldclimate @stefano https://xcancel.com/i/status/2056949168208552080
"Microsoft’s GitHub was compromised when a Microsoft developer using Microsoft VSCode installed a rogue extension from Microsoft’s VSCode extension library, which is moderated and hosted by Microsoft."
-- CorboDT
GitHub (@github)
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.