GitHub repositories breached via poisoned VS Code extension
Supply chain attack on developer tooling compromised employee device, granting access to internal GitHub repositories through malicious Nx Console extension.
GitHub confirmed Wednesday that internal repositories were breached after an employee device was compromised by a poisoned version of the Nx Console extension for Microsoft Visual Studio Code. The extension, published under the identifier nrwl.angular-console, was itself compromised when a developer system at Nx was hacked.
The attack represents a supply chain compromise targeting the software development toolchain itself. VS Code extensions operate with elevated privileges on developer machines, which typically hold credentials, source code access, and internal network connectivity. The breach underscores that developer tooling has become critical infrastructure with insufficient security scrutiny.
The Nx Console extension is widely used by developers working with Nx, a build system and monorepo tool. By compromising the extension at its source, attackers gained distribution through the official VS Code marketplace, bypassing many organizational security controls that focus on external threats rather than trusted tooling.
- Software development teams using Nx Console should audit systems and rotate credentials immediately
- GitHub customers should assume potential exposure of private repository metadata pending further disclosure
- Security teams must reassess trust models for developer tooling and extension marketplaces
- VS Code extension publishers face increased scrutiny over build pipeline and developer device security
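As a starting point for the audit recommended above, the following added example (not code from the article, GitHub, or Nx) inventories every installed copy of `nrwl.angular-console` on a machine. It assumes the default per-user extension directories, and because the article does not name the affected versions it reports all copies rather than judging any of them.

```python
import json
import re
import time
from pathlib import Path

TARGET_ID = "nrwl.angular-console"  # extension identifier named in the article

# VS Code unpacks each extension into <publisher>.<name>-<version>[-<platform>];
# this pattern is only used when the manifest is missing or unreadable.
DIR_RE = re.compile(r"^(?P<id>[^.]+\.[A-Za-z0-9_-]+?)-(?P<version>\d+\.\d+\.\d+.*)$")

def default_roots(home=None):
    home = Path(home) if home else Path.home()
    # Assumption: default locations for VS Code, Insiders and remote-server installs
    return [home / d / "extensions" for d in (".vscode", ".vscode-insiders", ".vscode-server")]

def find_extension(roots, target_id=TARGET_ID):
    """Return one record per installed copy of target_id under the given roots."""
    hits = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for entry in sorted(root.iterdir()):
            if not entry.is_dir():
                continue
            ext_id, version = None, None
            try:  # prefer the manifest over the directory name
                meta = json.loads((entry / "package.json").read_text(encoding="utf-8"))
                ext_id, version = f"{meta['publisher']}.{meta['name']}", str(meta["version"])
            except (OSError, ValueError, KeyError, TypeError):
                m = DIR_RE.match(entry.name)
                if m:
                    ext_id, version = m.group("id"), m.group("version")
            if ext_id and ext_id.lower() == target_id.lower():
                # Directory mtime is only an approximation of install/update time
                mtime = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(entry.stat().st_mtime))
                hits.append({"path": str(entry), "version": version, "dir_mtime": mtime})
    return hits

if __name__ == "__main__":
    for hit in find_extension(default_roots()):
        print(f"{hit['dir_mtime']}  {hit['version']:<14} {hit['path']}")
```

Any host that reports a copy is a candidate for the credential rotation the article recommends; compare the reported versions against the vendor's advisory once affected versions are published.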