GitHub has confirmed that a malicious VS Code extension led to the theft of 3,800 internal repositories, compromising its private source code. This incident highlights vulnerabilities in software development tools and the potential risks of third-party extensions.