### GitHub's Official Statement **GitHub's** Chief Information Security Officer, Alexis Wales, stated that the breach was a result of a compromised **Nx Console** **VS Code** extension. "We have no evidence of impact to customer information stored outside of **GitHub's** internal repositories, such as our customer's own enterprises, organizations, and repositories," she noted in a statement. However, some internal repositories contain customer information from support interactions, and affected customers will be notified through established channels. ### The Scope of the Attack The attack reportedly allowed the threat actor, identified as **TeamPCP**, to exfiltrate approximately 3,800 repositories. **GitHub** has taken measures to contain the incident, including rotating critical secrets and continuously monitoring for further malicious activity. ### The Nx Console Breach The **Nx** team revealed that their **nrwl.angular-console** extension was compromised following a hack of one of their developers' systems, connected to the recent **TanStack** supply chain attack. Other victims of the **TanStack** compromise include **OpenAI**, **Mistral AI**, and **Grafana Labs**. ### Industry Response Jeff Cross, co-founder of **Narwhal Technologies**, the company behind nx.dev, emphasized the need for more fundamental changes in securing developer tooling and open-source distribution. He tweeted, "This incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers need to think about securing developer tooling and open source distribution." He added that they're initiating discussions with other high-profile open-source maintainers to address the deeper structural problems surrounding software supply chain security. ### TeamPCP's Growing Notoriety **TeamPCP** has rapidly gained attention for orchestrating large-scale software supply chain attacks, specifically targeting widely used open-source projects and security-related tools that developers depend on. ### The Trojanized Extension's Brief Window The trojanized version of the **VS Code** extension was active on the Visual Studio Marketplace for only 18 minutes (between 12:30 p.m. and 12:48 p.m. UTC on May 18, 2026). Despite this short period, the attackers managed to distribute a credential stealer capable of harvesting sensitive data from **1Password** vaults, **Anthropic Claude Code** configurations, npm, **GitHub**, and **Amazon Web Services (AWS)**. ### Technical Analysis According to **OX Security** researcher Nir Zadok, "The extension looked and behaved like normal **Nx Console**, but on startup it silently ran a single shell command that downloaded and executed a hidden package from a planted commit on the official nrwl/nx **GitHub** repository. The command was disguised as a routine MCP setup task so it would not raise suspicion." ### The Self-Sustaining Cycle of Compromises The interconnected nature of modern software allows **TeamPCP** to create a self-sustaining cycle of compromises. By breaking into one trusted tool, they steal credentials from developer systems and use those credentials to compromise subsequent legitimate tools. ### The Auto-Update Dilemma Aikido security researcher Raphael Silva commented on the auto-update feature of extension marketplaces: "Every popular extension marketplace ships with auto-update on by default. **VS Code**, Cursor, the whole lineup. The reasoning makes sense in isolation, because most developers never update anything manually, so leaving it off means a long tail of editors running stale, vulnerable code." He further explained the trade-off: "The trade-off stops making sense once you account for hostile/compromised publishers. Auto-update gives an attacker who controls a release a direct push channel into every machine running that extension. Marketplaces don't impose any review gate or waiting period between when an update is published and when installed clients pull it in."