GitHub links the breach of 3,800 internal repositories to the TanStack npm supply-chain attack, saying hackers used a malicious Nx Console VS Code extension
BleepingComputer Sergiu Gatlan
Related Coverage
- GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit (Tech Times · Adrian Parham)
- GitHub Breach Traced to Malicious ‘Nx Console’ VS Code Extension (Infosecurity · Kevin Poireault)
- Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials (Cyber Security News · Tushar Subhra Dutta)
- Grafana Labs links GitHub environment breach to TanStack npm supply chain attack (Cybersecurity Dive · David Jones)
- Compromised Nx Console version 18.95.0 (GitHub)
- Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign (Tenable Blog)
Discussion
- @jeffbcross (Jeff Cross, on x): We're continuing to work with Microsoft and GitHub to investigate the impact of the malicious Nx Console version 18.95.0. I'll share any updates on X (@jeffbcross and @NxDevTools) as well as in our security advisory: https://github.com/.... Initially, Microsoft indicated to us
- @akses_0x00 (on x): Github hack was via this extension nrwl.angular-console VSIX. Starting to get detected by more than just VT now https://www.virustotal.com/... https://opensourcemalware.com/ ...
- @nxdevtools (on x): SECURITY ADVISORY: A malicious version of Nx Console v18.95.0 was published today at 2:36 PM CEST and was available for 11 minutes, until 2:47 PM CEST, when we patched the issue. Nx Console v18.100.0 is the latest safe version to use. More info: https://github.com/...
- @dartilesm (Diego Artiles, on x): The Nx team is being transparent. Genuinely. But “28 installs per Microsoft” vs “6000 activations per our analytics” is a hell of a gap for one supply-chain weekend. If download stats are that wrong for a 2.2M-install extension — what else are we undercounting in the npm and
- @daniellockyer (Daniel Lockyer, on x): Nooooo pleaseeeee Daily security incidents across the entire tech world right now 🫠
- @jeffbcross (Jeff Cross, on x): @akses_0x00 @NxDevTools We published the detailed security advisory on GitHub and posted about it on X and Discord immediately after patching on Monday. I'm actually still waiting for confirmation from GitHub that Nx Console was the unnamed VSC extension in their postmortem, but …
- @mattjay (Matt Johansen, on x): Looks like this is the extension that popped GitHub. So the hackers used the same MO as the npm worm - but instead of a wormy boy - they pushed a malicious VS Code extension out. Nx Console says they see evidence of ~6k downloads of the malware.
- @vxunderground (on x): [image]
- @sigkitten (on x): this garbage tool got compromised AGAIN
- @andyjabbour (Andy Jabbour, on bluesky): 2026 is awesome. “We are here today to advertise GitHub's source code and internal orgs for sale,” TeamPCP wrote on BreachForums... “Everything for the main platform is there...” new from @agreenberg.bsky.social & @lhn.bsky.social in @wired.com www.wired.com/story/teampc... @g…
- @stephenturner.us (Stephen Turner, on bluesky): A VS Code extension waltzes into GitHub and runs out with 3,800 internal repositories. github.blog/security/inv... [embedded post]
- @campuscodi@mastodon.social (Catalin Cimpanu, on mastodon): The Nx Dev Tools CEO confirms that his company's Nx Console VS Code extension served as the initial entry point for the GitHub repo hack: https://x.com/... Nx incident: https://github.com/... Step Security report: https://www.stepsecurity.io/ ...
- r/technology (on reddit): A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
- r/pwnhub (on reddit): A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
- r/cybersecurity (on reddit): GitHub links repo breach to TanStack npm supply-chain attack