GitHub Compromised via Malicious Nx Console Extension

Colleagues, a cybersecurity alert: GitHub confirmed the compromise of internal repositories via a counterfeit "nrwl.angular-console" VS Code extension.
Summary:
- Threat actor (TeamPCP) exfiltrated ~3,800 repositories by embedding a trojan in the extension.
- Malicious package was on the Marketplace for 18 minutes but harvested credentials (1Password, npm, GitHub, AWS, etc.).
- GitHub rotated secrets and is monitoring; I am tightening secret controls and auditing endpoints.
Why it matters: compromise of developer tooling endangers the supply chain.
What additional measures for extension management and auto-updates do you consider priorities?
#cybersecurity #supplychain #devtools #GitHub