Supply Chain Attack Targets Microsoft Entra ID via Compromised Nx Console Extension

Supply Chain Attack Targets Microsoft Entra ID via Compromised Nx Console Extension

First seen 19 May 2026, 08:17 UTC CybersecuritynewsThehackernewsAikido.DevInfosecurity-MagazineNotebookcheck+3 79% similarity 64.5

Article Content

Browse articles
ThreatCluster

On May 18, 2026, a compromised version of the Nx Console VS Code extension was uploaded to the Visual Studio Code Marketplace, targeting developer credentials and cloud infrastructure tokens. This attack exploited vulnerabilities in the Nx ecosystem, marking the second supply chain incident in less than a year. Developers using Nx Console 18.95.0 are particularly at risk, with potential data exfiltration from Microsoft 365 and Azure environments. The attack is believed to have affected thousands of machines, emphasizing the need for heightened security measures in software supply chains. As of now, the incident is under investigation, and users are advised to monitor their systems for unusual activity.

Key Points: • A compromised Nx Console extension was published on May 18, 2026. • The attack targets developer credentials and cloud infrastructure tokens. • This incident marks the second supply chain attack against the Nx ecosystem in under a year.

ThreatCluster AI

Timeline

2026-05-18
Compromised Nx Console extension published
A malicious version of Nx Console 18.95.0 was uploaded to the VS Code Marketplace, targeting developers.
Cybersecuritynews
2026-05-19
Incident reported and investigated
Cybersecurity experts began investigating the supply chain attack affecting Microsoft Entra ID accounts.
Thehackernews

Community

Browse all →