Compromised Nx Console Extension and GitHub Internal Repository Breach

Опубликовано: 26 Июнь 2026
на канале: Juan Romero - SOCFortress Cofounder
43
2

Supply-chain attack involving a compromised VS Code extension known as Nx Console. An attacker managed to upload a malicious version of the tool by exploiting leaked developer credentials, leading to the theft of sensitive data such as security tokens and private keys. GitHub confirmed that the breach extended to their internal systems, resulting in the exfiltration of thousands of private repositories after an employee installed the poisoned software. In response, developers have patched the extension and implemented stricter multi-admin approval requirements for future releases. Users are urged to rotate all credentials and update to the latest version to mitigate ongoing risks.