Signal
GitHub breach linked to malicious Nx Console VS Code extension in TanStack supply chain attack
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-05-20 08:14 UTCUpdated 2026-05-21 14:45 UTC
rss
breachessupply_chain_attackmalwareincident_response
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
GitHub confirmed that hackers accessed about 3,800 internal repositories by exploiting a malicious version of the Nx Console Visual Studio Code extension.
Entities
GitHubMicrosoftGrafana LabsTanStackTeamPCPLapsus$Nx Consolenrwl.angular-console
Score total
1.63
Momentum 24h
6
Posts
6
Origins
5
Source types
1
Duplicate ratio
0%
Why now
- The breach was disclosed recently, highlighting ongoing risks in software supply chains.
- Attackers exploited a popular VS Code extension with millions of installs, showing the scale of potential impact.
- Stolen data is actively being sold, increasing urgency for incident response and mitigation.
Why it matters
- Supply chain attacks can compromise widely used developer tools, impacting major platforms like GitHub and Grafana Labs.
- Compromise of developer credentials enables attackers to access sensitive internal repositories and CI/CD pipelines.
- Stolen code repositories pose risks of intellectual property theft and further exploitation if sold or leaked.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- GitHub's internal repositories were breached via a malicious version of the Nx Console VS Code extension linked to the TanStack supply chain attack.
- The threat group TeamPCP compromised an Nx developer's system to publish the malicious extension, enabling theft of secrets and credentials.
- Grafana Labs confirmed their code breach was caused by the TanStack supply chain attack affecting the Nx Console extension.
- Stolen GitHub internal repositories are being offered for sale for $95,000, with possible cooperation between TeamPCP and Lapsus$.
How sources frame it
- GitHub CISO Alexis Wales: neutral
All evidence
All evidence
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-21 14:45 UTC
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
Help Net Security · helpnetsecurity.com · 2026-05-21 13:42 UTC
GitHub links repo breach to TanStack npm supply-chain attack
BleepingComputer · bleepingcomputer.com · 2026-05-21 06:54 UTC
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
thehackernews · thehackernews.com · 2026-05-21 04:27 UTC
GitHub Hacked, Internal Repositories Offered for Sale
BankInfoSecurity · bankinfosecurity.com · 2026-05-20 21:08 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -
Showing 5 / 0
Top publishers (this list)
- Infosecurity Magazine (1)
- Help Net Security (1)
- BleepingComputer (1)
- thehackernews (1)
- BankInfoSecurity (1)
Top origin domains (this list)
- infosecurity-magazine.com (1)
- helpnetsecurity.com (1)
- bleepingcomputer.com (1)
- thehackernews.com (1)
- bankinfosecurity.com (1)