BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

GitHub Breach Linked to Poisoned VS Code Extension

Trojanized VS Code extension breached GitHub and stole credentials in 18-minute attack.

  • GitHub confirms a breach of its internal repositories via a poisoned Visual Studio Code extension.
  • The attack was part of the larger TanStack supply chain campaign, impacting OpenAI, Mistral AI, and Grafana Labs.
  • The malicious extension was live for only 18 minutes but stole credentials for 1Password, GitHub, AWS, and more.

On May 21, 2026, GitHub officially confirmed a major breach of its internal repositories, an incident resulting from a compromised employee device infected by a malicious version of the Nx Console extension for Microsoft Visual Studio Code. The attack, attributed to the cybercriminal group TeamPCP, allowed the exfiltration of approximately 3,800 repositories and was linked to the broader TanStack supply chain attack that also hit companies like OpenAI, Mistral AI, and Grafana Labs.

- Advertisement -

According to the company’s Chief Information Security Officer, Alexis Wales, the breach involved internal repositories containing some customer information, such as excerpts of support interactions. Consequently, GitHub has rotated critical secrets and taken containment steps while monitoring for further activity. Meanwhile, the trojanized extension was available on the Visual Studio Marketplace for merely 18 minutes, yet it executed a credential stealer targeting 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and Amazon Web Services.

The incident underscores critical vulnerabilities in developer tooling security. Jeff Cross, co-founder of Narwhal Technologies, stated on X that it highlights the need for “deeper, more fundamental changes” in securing open-source distribution. However, as noted by OX Security researcher Nir Zadok, the extension appeared normal but secretly ran a shell command downloading malicious code from a planted commit on the official nrwl/nx GitHub repository. This pattern enables a self-sustaining cycle of compromises, as described by Aikido security researcher Raphael Silva, where auto-update features in marketplaces provide attackers a direct channel to all installed clients.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

FatFs Flaws Let Malicious Media Hijack Millions of Devices

Seven vulnerabilities (CVE-2026-6682 to CVE-2026- 6688) were found in the widely used FatFs filesystem library,...

Saylor Rage-Quits Channel 4 Over Bitcoin Grilling

Michael Saylor ended a Channel 4 interview by accusing the reporter of being offensive...

Linux ‘Bad Epoll’ Bug Grants Any User Root Access

A critical Linux kernel flaw, Bad Epoll (CVE-2026-46242), allows a standard user to gain...

Crypto Bill Fails to Meet White House July 4 Deadline

The White House will miss its July 4 deadline for passing a cryptocurrency market...

Alphabet Undervalued Despite Record Growth, AI Push

Alphabet (GOOGL) stock is deemed undervalued despite record revenue and strong AI positioning, trading...

Must Read

Top 10 Best Blockchain Games

If you want to know about the best blockchain games then read this article carefully. We listed the best games you can play and...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading