Cyber Web Spider Blog – News

Hackers Exploit Microsoft Entra ID to Access Sensitive Data

Posted on May 19, 2026 By CWS

A recent security breach involving Microsoft Entra ID has raised concerns about the safety of cloud infrastructures. Hackers managed to exploit this system to access sensitive data within Microsoft 365 and Azure environments. The incident underscores the vulnerabilities present in widely used developer tools and the potential for significant data exfiltration.

Details of the Supply Chain Attack

The breach began with the publication of a compromised version of the Nx Console extension for Visual Studio Code on May 18, 2026. This extension, essential for many developers, was infiltrated with malicious code targeting developer credentials, cloud tokens, and CI/CD pipeline secrets. The attack marks the second such incident within a year, highlighting the persistent risks to open-source tools.

Version 18.95.0 of the extension, tagged as nrwl.angular-console, was uploaded with hidden malicious scripts in its main.js file. The extension's installation count, over 2.2 million globally, underscores the widespread impact of this breach. Once installed, the extension stealthily retrieved and executed a concealed payload from a hidden GitHub commit.

Impact and Consequences

Researchers from StepSecurity detailed the multi-stage attack, describing it as a sophisticated credential-stealing operation. It targeted a wide array of sensitive data sources, including GitHub tokens and AWS secrets. The payload was designed to execute rapidly and without detection, maximizing data theft before discovery; the breach was discovered just eleven minutes after its deployment.

One alarming aspect of the attack was its use of Sigstore attestation logic, which could potentially allow the attackers to distribute malicious npm packages with valid cryptographic signatures, making them appear legitimate. This capability could extend the attack’s reach beyond the initially compromised developer systems.

Response and Mitigation Measures

The attacker used a stolen GitHub token to insert a rogue commit into the nrwl/nx repository. This commit replaced the repository’s contents with a few files, including an obfuscated payload. The compromised extension was then uploaded to the marketplace, where it began operating undetected.

Users affected by the compromised extension are advised to upgrade to version 18.100.0 or later, remove any persistence artifacts, and rotate all potentially exposed credentials. The swift identification and response by the Nx team minimized the potential damage, but the incident serves as a critical reminder of the need for robust security measures in software development environments.
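The upgrade advice above can be checked against an extension inventory. The following is an added example, not code from the article, StepSecurity or the Nx team: it classifies Nx Console entries against the two versions the article names, and the helper names, the default `~/.vscode/extensions` path and the sample lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path

EXT_ID = "nrwl.angular-console"   # extension identifier named in the article
COMPROMISED = (18, 95, 0)         # version the article reports as malicious
FIXED = (18, 100, 0)              # article: upgrade to this version or later

# Accepts "publisher.name@1.2.3" (output of `code --list-extensions --show-versions`)
# and "publisher.name-1.2.3[-platform]" (folder names in the extensions directory).
ENTRY = re.compile(
    r"^(?P<id>[A-Za-z0-9][\w-]*\.[\w-]+?)[@-](?P<ver>\d+\.\d+\.\d+)(?:-[\w-]+)?$"
)

def classify(entry):
    """Return 'compromised', 'below-fixed', 'ok', or None for other extensions."""
    m = ENTRY.match(entry.strip())
    if not m or m["id"].lower() != EXT_ID:
        return None
    # Compare numerically: as strings, "18.95.0" would sort above "18.100.0".
    ver = tuple(int(part) for part in m["ver"].split("."))
    if ver == COMPROMISED:
        return "compromised"
    return "below-fixed" if ver < FIXED else "ok"

def audit(entries):
    """Map each Nx Console entry to its status, ignoring unrelated extensions."""
    return {e.strip(): s for e in entries if (s := classify(e)) is not None}

def installed_entries(root=None):
    """List extension folder names; the default path is an assumption
    (standard desktop VS Code layout) and may differ for remote hosts or forks."""
    root = Path(root) if root else Path.home() / ".vscode" / "extensions"
    return [p.name for p in root.iterdir() if p.is_dir()] if root.is_dir() else []

# Constructed sample inventory lines, not data from the incident.
SAMPLE = [
    "nrwl.angular-console@18.95.0",
    "nrwl.angular-console-18.99.2",
    "nrwl.angular-console@18.100.0",
    "ms-python.python-2024.2.1-linux-x64",
]

if __name__ == "__main__":
    for entry, status in audit(SAMPLE + installed_entries()).items():
        print(f"{status:12} {entry}")
```

A host reporting `compromised` should be treated as exposed even after the upgrade, since the article's guidance also calls for removing persistence artifacts and rotating credentials.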

As the cybersecurity landscape evolves, the need for enhanced vigilance and proactive security strategies becomes ever more crucial. Ensuring the integrity of developer tools and maintaining robust security protocols can help mitigate the risks associated with such sophisticated attacks.

Category: Cyber Security News

Tags: cloud security, credential theft, Cybersecurity, developer tools, Entra ID breach, GitHub security, Microsoft, Nx Console, supply chain attack, VS Code extension

Copyright © 2026 Cyber Web Spider Blog – News.