Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GitHub Breach Linked to Malicious VS Code Extension

GitHub Breach Linked to Malicious VS Code Extension

Posted on May 21, 2026 By CWS

GitHub has confirmed a security breach involving its internal repositories, attributed to a compromised employee device. The breach was linked to a tainted version of the Nx Console extension for Microsoft Visual Studio Code (VS Code), highlighting the risks associated with developer tool compromises.

Details of the Breach

The breach was unveiled after the Nx team reported that their nrwl.angular-console extension was infiltrated. This incident followed the recent TanStack supply chain attack, which affected several major tech entities, including OpenAI and Grafana Labs. The attackers, known as TeamPCP, managed to extract approximately 3,800 repositories.

GitHub’s Chief Information Security Officer, Alexis Wales, assured that customer information stored outside GitHub’s internal systems remains unaffected. However, GitHub is monitoring the situation closely and has implemented measures to contain the incident, including rotating critical secrets.

Industry Response and Analysis

Narwhal Technologies, the company behind nx.dev, acknowledged the need for fundamental changes in securing developer tools and open-source distribution. Jeff Cross, co-founder of Narwhal Technologies, emphasized the necessity of re-evaluating existing security assumptions within the software ecosystem.

TeamPCP’s rapid rise in notoriety stems from their focus on large-scale software supply chain attacks, targeting popular open-source projects. In this case, the malicious VS Code extension was briefly available on the Visual Studio Marketplace, yet it sufficed to distribute a credential-stealing tool.

Implications for Developers

The compromised extension operated stealthily, executing a hidden package upon startup. This incident underscores the vulnerabilities inherent in the interconnected nature of modern software. Attackers exploit trusted tools to extract credentials, perpetuating a cycle of breaches.

Security researchers have critiqued the default auto-update feature in extension marketplaces, such as VS Code, Cursor, and others. While intended to keep software up-to-date, it inadvertently provides attackers with a mechanism to distribute malicious updates directly to users.

Moving forward, the industry is urged to implement stricter review processes and impose waiting periods for updates to mitigate risks. As the software supply chain evolves, enhanced security measures and collaboration among open-source maintainers are essential to prevent similar incidents.

The Hacker News Tags:auto-update risks, credential theft, Cybersecurity, developer tools, extension compromise, GitHub, incident response, Nx Console, open source security, security breach, Software Security, software supply chain, supply chain attack, TeamPCP, VS Code

Post navigation

Previous Post: GhostTree Technique Exploits EDR Weaknesses
Next Post: Claude Code Sandbox Flaw Risks User Data Exposure

Related Posts

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords The Hacker News
LiteSpeed Plugin Flaw Exploited for Root Access LiteSpeed Plugin Flaw Exploited for Root Access The Hacker News
New Malware Strikes npm with IronWorm and Miasma Variants New Malware Strikes npm with IronWorm and Miasma Variants The Hacker News
Why BAS Is Proof of Defense, Not Assumptions Why BAS Is Proof of Defense, Not Assumptions The Hacker News
LiteLLM Security Flaw Exploited Rapidly Post-Disclosure LiteLLM Security Flaw Exploited Rapidly Post-Disclosure The Hacker News
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark