Nx Console 18.95.0 Compromised — Developer Credentials Stolen

Colleagues — a cybersecurity alert: the Nx Console extension (rwl.angular-console v18.95.0) in the VS Code Marketplace was compromised; the package contained a credential-stealing payload.
Summary:
- An orphaned commit was pushed via a compromised account; on workspace open the extension executed an obfuscated payload.
- Secrets stolen (1Password, Anthropic Claude Code, npm, GitHub, AWS) and exfiltrated via HTTPS/GitHub API/DNS; on macOS a Python backdoor is installed.
- Update to 18.100.0+, check indicators, terminate suspicious processes, and rotate tokens/keys.
Why this matters: the attack undermines the supply chain and enables signing of malicious packages.
Which additional mitigations do you prioritize?
#cybersecurity #supplychain #DevSecOps #development


Latest comments
No comments yet.