Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GitHub Breach via Malicious VS Code Extension

GitHub Breach via Malicious VS Code Extension

Posted on May 21, 2026 By CWS

On May 18, 2026, GitHub faced a major security breach after an attacker exploited a compromised Visual Studio Code extension to access internal source code repositories. The breach was detected when GitHub’s security team noticed unusual activities on an employee’s device.

Details of the Breach

The breach was traced back to a tainted version of the Nx Console extension, a third-party tool, which had been installed on the compromised device. GitHub promptly removed the malicious version from its marketplace and initiated comprehensive incident response procedures to address the breach.

The attackers claimed responsibility for accessing around 3,800 internal repositories. GitHub has corroborated this claim with its investigation, confirming that the breach was limited to internal repositories only, with no direct impact on customer-facing infrastructure.

Impact and Response

Despite the breach being limited to internal repositories, GitHub acknowledged that some may contain customer-related information from support interactions, posing potential secondary exposure risks. The company has assured direct communication with affected customers should any data impact be confirmed.

In response to the breach, GitHub’s security team began rotating critical credentials and continues to monitor for any signs of unauthorized access or attempts to re-establish a foothold. Their efforts include log analysis and validation of secret invalidation.

Implications for Developers

This incident underscores the risks associated with supply chain attacks involving VS Code extensions. The compromised Nx Console extension, commonly used in Angular and monorepo development, was subverted, exposing developers who installed it to potential threats.

GitHub plans to release a detailed report once the investigation concludes. Meanwhile, organizations using GitHub for development are advised to review their installed extensions, update policies, and monitor for unusual activity.

Stay informed by following us on Google News, LinkedIn, and X for more updates.

Cyber Security News Tags:Cybersecurity, data exfiltration, DevOps, GitHub, incident response, Nx Console, security breach, Software Security, supply chain attack, VS Code

Post navigation

Previous Post: Drupal Addresses Critical Vulnerability Risk
Next Post: Microsoft Alerts on Active Exploitation of Defender Vulnerabilities

Related Posts

North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency Cyber Security News
Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations Cyber Security News
Vidar Malware Exploits Fake Downloads to Steal Data Vidar Malware Exploits Fake Downloads to Steal Data Cyber Security News
Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail Cyber Security News
MacOS Users Targeted by Infiniti Stealer Malware MacOS Users Targeted by Infiniti Stealer Malware Cyber Security News
Threat Actors Attacking Linux SSH Servers to Deploy SVF Botnet Threat Actors Attacking Linux SSH Servers to Deploy SVF Botnet Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark