Hacking

GitHub Breach Traced to Poisoned Nx Console Extension

Published  ·  9 min read
Updated on May 22, 2026

GitHub has officially confirmed that the breach of its internal repositories was the result of a compromised employee device, and the attack vector was a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.

The GitHub breach Nx Console extension compromise was carried out by the cybercriminal group TeamPCP, and the attackers managed to exfiltrate approximately 3,800 internal GitHub repositories.

The Nx team revealed that the extension named nrwl.angular-console was breached after one of its developers' systems was hacked, and this hack occurred in the wake of the recent TanStack supply chain attack which also impacted OpenAI, Mistral AI, and Grafana Labs.

The 18 Minute Window

The trojanized version of the VS Code extension was live on Visual Studio Marketplace for only 18 minutes, and this window occurred between 12:30 p.m. and 12:48 p.m. UTC on May 18, 2026.

Despite the extremely short window, the GitHub breach Nx Console extension compromise was enough for the attackers to distribute a credential stealer, and the stealer harvested sensitive data from 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and Amazon Web Services (AWS).

The extension looked and behaved like normal Nx Console, but on startup it silently ran a single shell command, and that command downloaded and executed a hidden package from a planted commit on the official nrwl/nx GitHub repository.

The Disguised Command

The malicious command in the GitHub breach Nx Console extension compromise was disguised as a routine MCP setup task, and this disguise ensured it would not raise suspicion among developers who saw it running.

OX Security researcher Nir Zadok explained that the command was disguised as a routine MCP setup task so it would not raise suspicion, and the extension otherwise functioned normally.

This camouflage is a common technique in supply chain attacks, the attackers hide malicious functionality inside legitimate-looking operations, and developers are unlikely to notice anything unusual.

GitHub's Response

GitHub Chief Information Security Officer Alexis Wales confirmed the GitHub breach Nx Console extension compromise and provided details about the impact.

GitHub has no evidence of impact to customer information stored outside of GitHub's internal repositories, including customer enterprises, organizations, and repositories.

However, some of GitHub's internal repositories contain information from customers such as excerpts of support interactions, and GitHub said it will notify customers via established incident response and notification channels if any impact is discovered.

GitHub has taken steps to contain the incident and rotated critical secrets, and the company is continuing to monitor the situation for follow-on activity.

The Developer Tooling Problem

Jeff Cross who is the co-founder of Narwhal Technologies (the company behind nx.dev) said that this incident highlights that there need to be deeper more fundamental changes to how maintainers think about securing developer tooling and open source distribution.

Cross noted that a lot of the assumptions the ecosystem has operated under for years no longer hold, and he said they are beginning conversations with other high-profile open source maintainers about working together on deeper structural problems around software supply chain security.

The GitHub breach Nx Console extension compromise shows that developer tooling is now a prime target for supply chain attackers, and compromising one popular extension can lead to breaches at major companies like GitHub itself.

TeamPCP's Growing Notoriety

TeamPCP has rapidly gained notoriety for large-scale software supply chain attacks in recent months, and the group specifically targets widely-used open-source projects and security-adjacent tools that developers rely on.

The GitHub breach Nx Console extension compromise is just the latest in a series of TeamPCP attacks, and the group has previously compromised TanStack, OpenAI, Mistral AI, and Grafana Labs.

The interlinked nature of modern software has allowed TeamPCP to unleash a self-sustaining cycle of new compromises, and the pattern is deceptively simple as it is nefarious.

The Self-Sustaining Cycle

The GitHub breach Nx Console extension compromise demonstrates a dangerous cycle of supply chain attacks.

Step one, break into one trusted tool, and steal credentials from developer systems that install it.

Step two, use those stolen credentials to break into the next legitimate tool.

Step three, repeat the cycle with each new compromise providing fresh credentials for the next attack.

The GitHub breach Nx Console extension compromise started with the TanStack supply chain attack, and that attack led to compromised credentials which allowed TeamPCP to target the Nx developer.

Once the Nx developer was compromised, TeamPCP poisoned the VS Code extension, and that poisoned extension stole credentials from GitHub employees who use Nx Console.

The Auto-Update Problem

Aikido security researcher Raphael Silva highlighted a fundamental problem with extension marketplaces, every popular extension marketplace ships with auto-update enabled by default including VS Code, Cursor, and the whole lineup.

The reasoning makes sense in isolation, most developers never update anything manually, so leaving auto-update off means a long tail of editors running stale vulnerable code.

The trade-off stops making sense once you account for hostile or compromised publishers, auto-update gives an attacker who controls a release a direct push channel into every machine running that extension.

Marketplaces do not impose any review gate or waiting period between when an update is published and when installed clients pull it in, and the GitHub breach Nx Console extension compromise was live for only 18 minutes but reached many developers.

What Was Stolen

The credential stealer in the GitHub breach Nx Console extension compromise targeted a wide range of sensitive data.

1. 1Password vaults were targeted, and attackers could have accessed all passwords stored in a developer's 1Password account.
2. Anthropic Claude Code configurations were stolen, and these contain API keys for Anthropic's AI services.
3. npm credentials were harvested, and these could be used to publish malicious packages to the npm registry.
4. GitHub credentials were stolen including tokens and SSH keys, and these gave attackers access to GitHub repositories.
5. AWS credentials were harvested, and these could be used to access cloud infrastructure and data.

The Planted Commit

The GitHub breach Nx Console extension compromise used a clever technique involving a planted commit on the official nrwl/nx GitHub repository.

The malicious extension ran a shell command that downloaded a hidden package from this planted commit, and because the commit was on the official repository it appeared legitimate.

This technique allowed TeamPCP to host their malicious payload on trusted infrastructure, and security tools that trust the nrwl/nx repository would not flag the download as suspicious.

Impact on GitHub Customers

GitHub stated that they have no evidence of impact to customer information stored outside of GitHub's internal repositories, and this includes customer enterprises, organizations, and repositories.

However, GitHub's internal repositories do contain some customer information such as excerpts of support interactions, and GitHub has committed to notifying customers if any impact is discovered.

The GitHub breach Nx Console extension compromise primarily affected GitHub's internal systems, but the credential stealer could have stolen customer data from GitHub employees who had access to customer systems.

How to Protect Yourself

The GitHub breach Nx Console extension compromise has lessons for all developers and organizations.
1. Take a look at your installed extension list in VS Code and uninstall unexpected/unwanted ones.

2. Consider turning off auto-updates for important extensions since TeamPCP was able to automatically push out all Nx Console machines, by turning off auto-update you can check out any pending updates before they go live.

3. If you use the Nx Console and it was installed between 12:30 and 12:48 UTC on the 18th of May 2026, you need to change all your OnePassword, GitHub, npm and AWS account passwords.

4. Review for planted commit. The malicious package was delivered via a planted commit located in the official nrwl/nx repo; as such all security teams should be on the lookout for anomalous commits to vetted repositories.

5. Monitor for TeamPCP activity. TeamPCP is actively targeting developer tools, and organizations should be especially vigilant about updates to popular extensions and open-source projects.

Final Thoughts

The GitHub breach Nx Console extension compromise is a watershed moment for software supply chain security, a popular VS Code extension was compromised, and within 18 minutes the attackers had stolen credentials from GitHub employees and exfiltrated 3,800 internal repositories.

The GitHub breach Nx Console extension compromise shows that developer tooling is now a primary attack vector, and the auto-update feature that keeps developers secure from known vulnerabilities also gives attackers a direct channel to millions of machines.

TeamPCP has demonstrated a self-sustaining cycle of compromise, break one tool, steal credentials, break the next tool, repeat, and this cycle will continue until the industry fundamentally rethinks how it secures developer tooling and extension marketplaces.

Check your VS Code extensions today, rotate your credentials, and ask yourself whether the convenience of auto-update is worth the risk of the next 18 minute window.

FAQ Section

What happened in the GitHub breach Nx Console extension compromise?

TeamPCP compromised the Nx Console VS Code extension and published a malicious version to Visual Studio Marketplace for 18 minutes, the extension stole credentials from 1Password, GitHub, npm, and AWS, and these credentials were used to breach GitHub's internal repositories.

In what duration was the malicious extension of the Nx Console known as a Trojan available for download from the Visual Studio Marketplace before it was removed? 

An approximate 18 minutes on May 18, 2026, between 12:30 UTC and 12:48 UTC. Regardless, during this time, as a result of the malicious extension being available for download in the Visual Studio Marketplace, many developers utilizing the extension had their credentials stolen.

Which credentials did the Nx Console Extension steal? 

The following information was targeted by the Nx Console Malicious Extension: credentials from 1password vaults, Anthropic Claude Code configurations; credentials for npm; GitHub credentials (tokens and SSH keys); Amazon Web Services (AWS) credentials.

Should I disable auto-update for VS Code extensions?

Auto-update gives attackers a direct push channel to every machine running a compromised extension, and while disabling auto-update means you must manually update extensions it also gives you time to review updates before installation especially for critical widely-used extensions.

Source: The Hacker News
Professional Services

Explore Our Cybersecurity Services

Our insights are backed by hands-on service delivery. If your business needs professional cybersecurity support, our UK-based specialists are ready to help.

© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067