GitHub confirms hackers stole thousands of internal code repositories after employee installed a poisoned VS Code extension — Blankdot