GitHub confirmed its internal repositories were breached through an employee device compromised by a poisoned Nx Console VS Code extension, linked to the broader TanStack supply chain attack. The short-lived malicious extension was used by TeamPCP to steal credentials from developer systems and access sensitive services, prompting GitHub to rotate secrets and monitor for follow-on activity.

#GitHub #NxConsole #TeamPCP #TanStack #VisualStudioCode #nrwl.angular-console

Key points
- GitHub said the breach came from a compromised employee device.
- The attack involved a poisoned Nx Console VS Code extension.
- TeamPCP was able to exfiltrate about 3,800 repositories.
- The malicious extension stole credentials from services like 1Password, npm, GitHub, and AWS.
- GitHub rotated critical secrets and is monitoring for further activity.
Read More: https://thehackernews.com/2026/05/github-internal-repositories-breached.html