edge.prnewswire.com
GitHub Breach Linked to Compromised Nx Console Extension
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On May 19, 2026, GitHub announced an investigation into unauthorized access to internal repositories after a malicious Visual Studio Code extension was executed on an employee's device. The attack, attributed to the Mini Shai-Hulud worm by TeamPCP, exploited a compromised version of the Nx Console extension, version 18.95.0, published on May 18, 2026. This version contained obfuscated JavaScript that created backdoors and allowed attackers to steal GitHub credentials. The breach affected approximately 3,800 internal repositories. GitHub's response included removing the malicious extension from the Visual Studio Marketplace within 18 minutes of detection. The attack utilized legitimate workflows and trusted credentials, making detection challenging. The compromised extension was linked to a broader supply chain attack involving multiple software publishers.
Key Points: • The GitHub breach was caused by a compromised version of the Nx Console extension. • Approximately 3,800 internal repositories were affected by the attack. • The Mini Shai-Hulud worm utilized legitimate workflows to propagate without detection.