Cybercriminals from the TeamPCP group exploited a malicious Nx Console VS Code extension to gain access to GitHub’s internal systems as part of a larger NPM supply chain attack affecting TanStack, Mistral AI, and other projects, demanding at least $50,000 for stolen data.