GitHub confirms malicious VS Code extension exposed internal code repositories | Textpad