GitHub has confirmed that a recent breach of its internal repositories was triggered by a vulnerability in a Microsoft Visual Studio Code (VS Code) extension named ‘Nx Console.’ The security team at GitHub, owned by Microsoft, issued a warning on May 19, stating that an attacker gained unauthorized access to approximately 3,800 internal repositories through a compromised VS Code extension that had been installed on one of its employees’ devices.
In a subsequent update, Jeff Cross, CEO of Nx, confirmed that the affected extension, Nx Console, was indeed the entry point for the breach. Nx Console is a widely used extension designed to facilitate a graphical interface for managing and executing tasks, generators, and builds in Nx workspaces, which are often utilized for managing large codebases referred to as monorepos. With around 2.2 million installations, Nx Console has established itself as a popular choice among developers and holds a verified publisher badge on the Visual Studio Marketplace.
The details of the breach were elaborated in a report published on GitHub, where Cross explained that a malicious version of Nx Console (version 18.95.0) was uploaded to both the Visual Studio Marketplace and Open VSX, an open-source registry for VS Code-compatible editors, on May 18. This version was uploaded at precisely 12:30 UTC by an individual masquerading as an official Nx maintainer, circumventing existing checks and balances within the publishing process.
Upon installation, the compromised extension fetched an obfuscated payload capable of harvesting sensitive credentials from various sources, including:
- Vault: Tokens from Vault paths such as ~/.vault-token and /etc/vault/token, as well as Kubernetes and AWS Identity and Access Management (IAM) authentication credentials.
- Npm: Tokens and OIDC token exchanges from the .npmrc file.
- AWS: Information from IMDS/ECS metadata, Secrets Manager, Systems Manager (SSM) resources, and Web Identity tokens.
- GitHub: GitHub tokens and secrets related to Actions, as well as data stored in process memory.
- 1Password: Information from the op CLI vault, provided an active op session was established.
- Filesystem: A range of confidential information, including private keys, connection strings, and Docker credentials.
The vulnerability associated with this incident has been marked with the identifier CVE-2026-48027. Cross detailed how the attacker was able to acquire GitHub credentials belonging to a legitimate Nx developer, which was made possible through a broader supply-chain compromise involving TanStack npm packages. This incident is connected to an ongoing wave of supply chain attacks, colloquially referred to as the Mini Shai-Hulud campaign, impacting various developer ecosystems.
Furthermore, Cross acknowledged that the upload of the malicious Nx Console version occurred without the manual approval of other designated Nx administrators. He noted the urgency of enhancing security measures, stating that the Nx Console publishing pipeline has been fortified to require manual approval from two administrators before any releases can be published.
Although the timeframe for the malicious version’s availability was relatively short, lasting only about 18 minutes, it was deemed sufficient to impact numerous open-source contributors using the VS Code interface and had the auto-update feature enabled. In the light of this, anyone who might have downloaded the malicious extension is advised to assume their systems were compromised, necessitating the rotation of all authentication keys, including tokens, secrets, SSH keys, and any other sensitive credentials.
As GitHub took immediate action to contain the breach, the company disclosed that it had removed the malicious extension version, isolated the affected endpoint, and commenced incident response procedures shortly after the incident was detected. In their update from May 19, GitHub articulated that they had prioritized critical secret rotations overnight and were rigorously analyzing logs to validate these actions and monitor for any subsequent activity.
In a twist, the TeamPCP hacking group has laid claim to the breach, initially demanding at least $50,000 for the stolen data before reportedly posting an advertisement in collaboration with the Lapsus$ threat group to sell the hacked data for $95,000. They clarified that their intentions were not to extort GitHub, asserting that they would only sell the stolen repositories to a single buyer, with no interest in lower offers. Should a prospective buyer not materialize, the group has threatened to leak the data publicly.
This incident serves as a stark reminder of the vulnerabilities inherent in software supply chains, underscoring the necessity for more rigorous security practices in the realm of open-source software distribution. In the wake of the breach, Cross expressed a commitment to improving security measures, reflecting an emerging awareness among software maintainers of the pressing need to rethink foundational assumptions regarding developer tooling and supply chain security. Conversations are being initiated with other prominent open-source maintainers to address these systemic vulnerabilities collaboratively.
As GitHub continues its investigation, a more comprehensive report detailing the findings and responses is promised once the analysis has concluded. The incident not only highlights the immediate risks to GitHub but also raises broader questions about the security landscape impacting developers and tech companies alike.