FILTERING BY: CLEAR FILTER

GitHub Internal Repository Breach via Poisoned Nx VS Code Extension

A high-impact supply chain attack has compromised approximately 3,800 of GitHub's internal repositories. The breach originated from a poisoned version of the 'nrwl.angular-console' (Nx Console) Microsoft Visual Studio Code extension. By infiltrating a GitHub employee's development environment, the threat actor likely leveraged token-stealing mechanisms or a VS Code zero-day vulnerability to exfiltrate authentication tokens and access proprietary source code. The compromised data, including sensitive internal intellectual property, has reportedly been listed for sale on underground dark web forums. This incident highlights critical risks in developer tooling and the potential for secondary compromises through stolen credentials.


LINK COPIED TO CLIPBOARD