GitHub Confirms Data Breach via Compromised Nx Console VS Code Extension

In a nutshell: An Nx Console extension compromised by cybercriminals (TeamPCP) delivered a credential stealer and enabled the theft of approximately 3,800 GitHub internal repositories, with only 18 minutes of Marketplace availability.

GitHub has officially confirmed that unauthorized access to internal repositories was enabled by a compromised version of the Nx Console VS Code extension. The compromised version was prepared following a security incident on a developer system of the Nx team, after the TanStack supply chain attack had previously come to light.

The security breach resulted from the compromise of an employee device at Narwhal Technologies with a poisoned version of the Nx Console extension (nrwl.angular-console). The security incident is directly linked to the TanStack supply chain attack, which also affected OpenAI, Mistral AI, and Grafana Labs. The cybercriminal group TeamPCP is responsible for these attacks.

The trojanized extension was available in the Visual Studio Marketplace only between 12:30 and 12:48 UTC on May 18, 2026 – a window of just 18 minutes. During this short timeframe, attackers succeeded in distributing a credential-stealing tool that could harvest credentials from 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and AWS systems. According to OX Security researcher Nir Zadok, the extension executed a hidden shell script on startup that downloaded and ran a prepared package from a specific commit of the official nrwl/nx GitHub repository – disguised as routine MCP configuration.

GitHub CISO Alexis Wales explained that “there are no indications of impact on customer information outside GitHub’s internal repositories,” such as in customer systems or repositories themselves. However, GitHub’s internal repositories do contain some customer information, such as excerpts from support interactions. In cases of impact, affected customers will be notified via established incident response channels. GitHub has rotated critical credentials and continues to monitor for follow-on attacks.

The incident illustrates a systemic problem in modern software distribution: auto-update functionality in extension marketplaces like the Visual Studio Code Marketplace is enabled by default and imposes no delay between publication and installation. Aikido security researcher Raphael Silva points out that marketplaces do not implement review gates or waiting periods, which gives compromised publishers direct access to every user system that has the extension installed. Jeff Cross, co-founder of Narwhal Technologies, announced plans to work with other open source maintainers on deeper structural issues in supply chain security.
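A host triage check for the exposure window described above, as an added example that is not from the article, GitHub, Nx or VS Code: it reads VS Code's per-user `extensions.json` manifest (normally under `~/.vscode/extensions/`) and flags installs of `nrwl.angular-console` timestamped inside the 18-minute window. The manifest layout, the `metadata.installedTimestamp` field (taken to be the install time of the current version in milliseconds) and the five-minute grace period are assumptions; the sample manifest is constructed.

```python
import json
from datetime import datetime, timedelta, timezone

EXT_ID = "nrwl.angular-console"  # extension ID named in the article
# Marketplace exposure window from the article (UTC).
WINDOW_START = datetime(2026, 5, 18, 12, 30, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 18, 12, 48, tzinfo=timezone.utc)
# Assumption: allow for downloads that began in the window and finished later.
GRACE = timedelta(minutes=5)


def exposed_installs(manifest_text, ext_id=EXT_ID, grace=GRACE):
    """Return [(version, install time)] for entries of ext_id whose
    install timestamp falls inside the exposure window."""
    hits = []
    for entry in json.loads(manifest_text):
        ident = (entry.get("identifier") or {}).get("id", "")
        if ident.lower() != ext_id:
            continue
        ts_ms = (entry.get("metadata") or {}).get("installedTimestamp")
        if ts_ms is None:
            # No timestamp: the install cannot be ruled out, so surface it.
            hits.append((entry.get("version"), "unknown"))
            continue
        when = datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc)
        if WINDOW_START <= when <= WINDOW_END + grace:
            hits.append((entry.get("version"), when.isoformat()))
    return hits


def to_ms(dt):
    """Convert an aware datetime to epoch milliseconds."""
    return int(dt.timestamp() * 1000)


# Constructed sample manifest (not real data); version strings are placeholders.
SAMPLE = json.dumps([
    {"identifier": {"id": "nrwl.angular-console"}, "version": "0.0.0-sample",
     "metadata": {"installedTimestamp": to_ms(WINDOW_START + timedelta(minutes=11))}},
    {"identifier": {"id": "example.unrelated"}, "version": "1.2.3",
     "metadata": {"installedTimestamp": to_ms(WINDOW_START + timedelta(minutes=5))}},
])

if __name__ == "__main__":
    for version, when in exposed_installs(SAMPLE):
        print(f"review host: {EXT_ID} {version} installed at {when}")
```

A hit only means the host pulled the extension while the trojanized build was live; credential rotation for that user is the follow-up the article describes GitHub performing.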


Source: ainews-dev.lumi-systems.io · Published May 21, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.5.2.