GitHub confirmed that attackers accessed 3,800 internal repositories through a malicious Nx Console VS Code extension tied to the TanStack npm supply-chain attack. The incident was linked to TeamPCP, which also offered stolen GitHub source code and private repositories for sale after stealing CI/CD credentials and secrets. #NxConsole #TanStack #TeamPCP #GitHub
Key points
- GitHub said the breach came from a malicious version of the Nx Console VS Code extension.
- The attack began with the compromise of TanStack and Mistral AI npm packages.
- Stolen CI/CD credentials were used to spread the intrusion to other projects.
- TeamPCP claimed access to nearly 4,000 private GitHub repositories and asked for $50,000.
- GitHub rotated critical secrets and said it had not found evidence of customer data theft outside the affected repos.