GitHub's 3,800-Repo Breach: How a Poisoned VS Code Extension Burned the World's Biggest Code Host

One poisoned VS Code extension on one GitHub employee's laptop cost the company ~3,800 internal repositories. Here is the attack chain, the Mini Shai-Hulud worm internals, and the rotate-everything checklist that follows.