GitHub Internal Repositories Compromised Through Malicious VS Code Extension

GitHub Internal Repositories Compromised Through Malicious VS Code Extension

GitHub confirmed unauthorized access to internal repositories following the compromise of its developer environment through a malicious version of the Nx Console extension for Visual Studio Code. The supply chain attack targeted developer tooling to establish a foothold within GitHub's infrastructure.

The incident underscores the critical risk surface presented by IDE extensions and developer environment compromise as an initial access vector. The breach demonstrates how adversaries increasingly target upstream supply chain components with privileged access to sensitive code repositories and development infrastructure.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"