Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Nx Console Extension Breach: Developer Secrets at Risk

Nx Console Extension Breach: Developer Secrets at Risk

Posted on May 19, 2026 By CWS

The Nx Console extension for Visual Studio Code, with over 2.2 million installations, was compromised in May 2026, exposing millions of developers to potential credential theft. Attackers released a malicious version of the extension that infiltrated the official VS Code Marketplace, posing serious security risks to developers.

Details of the Breach

On May 18, 2026, attackers published version 18.95.0 of the Nx Console extension using stolen credentials. This version contained a hidden payload that activated upon opening any workspace. The payload was cleverly concealed within an orphan commit on the official nrwl/nx GitHub repository.

Fortunately, the compromised version was live for only about 11 minutes before being detected and removed by the Nx team. This swift action minimized the impact, but the breach highlighted significant vulnerabilities in the supply chain.

Investigative Findings

According to a report by StepSecurity, the attack was part of a larger, multi-stage supply chain attack, marking the second incident affecting the Nx ecosystem within a year. The payload was designed to steal a wide array of credentials, targeting platforms like GitHub, npm, AWS, and more.

The sophisticated attack also included mechanisms to exfiltrate data through multiple channels, including HTTPS and DNS tunneling. This made it challenging to detect and block the data theft effectively. Additionally, it targeted AI coding assistants, a first for supply chain attacks.

Security Measures and Recommendations

Developers using the compromised version between 12:36 and 12:47 UTC on May 18 are advised to consider their credentials compromised. Immediate actions include updating to version 18.100.0 or later and removing any backdoor artifacts.

Particularly on macOS, users should remove the persistent backdoor located at ~/.local/share/kitty/cat.py and related LaunchAgent entries. It is crucial to rotate all credentials, including GitHub tokens, npm tokens, and any stored secrets, to prevent unauthorized access.

Finally, understanding the indicators of compromise, such as specific file hashes and Git commit identifiers, can aid in identifying affected systems. Developers should remain vigilant and follow best practices for securing their development environments.

Cyber Security News Tags:AI coding assistants, cloud security, credential theft, Cybersecurity, developer security, extension breach, GitHub, Malware, Nx Console, StepSecurity, supply chain attack, VS Code

Post navigation

Previous Post: Increase in Malware Attacks via MSHTA Exploitation
Next Post: Drupal Urges Immediate Core Security Updates

Related Posts

Microsoft Fondue.exe Exploited for Malware Deployment Microsoft Fondue.exe Exploited for Malware Deployment Cyber Security News
Android Security Update Targets 129 Vulnerabilities Android Security Update Targets 129 Vulnerabilities Cyber Security News
Npm Ecosystem Hit by New Worm Targeting Developer Secrets Npm Ecosystem Hit by New Worm Targeting Developer Secrets Cyber Security News
AWS US-EAST-1 Region Experiences Delays in EC2 Instance Deployments AWS US-EAST-1 Region Experiences Delays in EC2 Instance Deployments Cyber Security News
Hackers Extensively Abuses Visual Studio Code to Execute Malicious Payloads on Victim System Hackers Extensively Abuses Visual Studio Code to Execute Malicious Payloads on Victim System Cyber Security News
Former MEP’s Phone Compromised by Pegasus During Spyware Probe Former MEP’s Phone Compromised by Pegasus During Spyware Probe Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft
  • Critical Linux Kernel Bug Allows Unauthorized Root Access
  • Nebula’s AI-Powered Security Tool Revolutionizes Testing

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft
  • Critical Linux Kernel Bug Allows Unauthorized Root Access
  • Nebula’s AI-Powered Security Tool Revolutionizes Testing

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark