GitHub has confirmed a significant security breach that compromised some of its internal repositories, attributing the incident to a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. This supply chain attack, which has also affected other prominent tech companies, highlights growing vulnerabilities in developer tools and open-source software distribution.
The breach, confirmed on May 21, 2026, stemmed from the compromise of an employee’s device. The attackers infiltrated the Nx Console extension, nrwl.angular-console, following a broader campaign targeting developer tools. While the immediate impact is confined to GitHub’s internal systems, the incident underscores the sophisticated nature of modern cyber threats.
GitHub Confirms Supply Chain Attack via Developer Tool
In an official statement, Alexis Wales, Chief Information Security Officer at GitHub, stated there is currently no evidence of impact on customer information stored outside of GitHub’s internal repositories. This includes customer enterprises, organizations, and their own repositories. However, GitHub acknowledges that some internal repositories contain customer data, such as excerpts from support interactions. The company has committed to notifying affected customers through established incident response channels if any impact is discovered.
The cybercriminal group identified as TeamPCP is believed to be behind the attack. This group has recently gained notoriety for orchestrating large-scale software supply chain attacks, with a particular focus on widely-used open-source projects and security-adjacent tools essential for developers. The attackers reportedly managed to exfiltrate approximately 3,800 repositories from GitHub’s internal systems. GitHub has implemented containment measures and rotated critical secrets, and it continues to monitor for any ensuing malicious activity.
Vulnerabilities in Developer Tooling Exposed
Jeff Cross, co-founder of Narwhal Technologies, the company behind nx.dev, emphasized the need for fundamental changes in how developers and open-source maintainers approach the security of their tools and distribution methods. He indicated that conversations are underway with other prominent open-source projects to collaboratively address systemic issues within software supply chain security, suggesting that long-standing assumptions within the ecosystem may no longer be viable.
The trojanized version of the Nx Console VS Code extension was active on the Visual Studio Marketplace for a critically short period of just eighteen minutes on May 18, 2026, between 12:30 p.m. and 12:48 p.m. UTC. Despite this brief window, the attackers were able to distribute a credential stealer. This malicious tool was designed to harvest sensitive data from various sources, including 1Password vaults, Anthropic Claude Code configurations, npm, GitHub accounts, and Amazon Web Services (AWS).
According to OX Security researcher Nir Zadok, the compromised extension appeared and functioned identically to the legitimate Nx Console. However, upon startup, it covertly executed a shell command that downloaded and ran a hidden package from a compromised commit in the official nrwl/nx GitHub repository. The command was strategically disguised as a standard MCP setup task to avoid raising suspicion among users.
The interconnected nature of modern software development has enabled TeamPCP to establish a self-perpetuating cycle of new compromises. The attack pattern observed is characterized by its deceptive simplicity and insidious effectiveness: gain entry into a trusted tool, steal credentials from developer systems that have installed it, and then leverage those stolen credentials to infiltrate subsequent legitimate tools. This recursive nature of the attack chain poses a significant challenge to conventional security measures.
Raphael Silva, a security researcher at Aikido, highlighted a prevalent security concern: the default activation of auto-update features across popular extension marketplaces, including VS Code and Cursor. While auto-update is designed to ensure users are running the latest, less vulnerable code, it creates a significant risk when a publisher’s account or distribution channel is compromised. Silva noted that auto-update provides attackers who control a release with a direct push channel into every installed client without any mandated review gate or waiting period between publication and installation.
Moving forward, the cybersecurity community will be closely watching how GitHub and other major platform providers adapt their security protocols for developer tools and the open-source ecosystem. The incident serves as a stark reminder of the critical need for enhanced security vetting of third-party extensions and packages, as well as renewed attention to the inherent risks of software supply chain vulnerabilities. The focus is likely to shift towards more robust authentication, granular permission controls, and potentially independent verification mechanisms for critical developer tools.