Github compromised by supply chain attack on a VS Code extension
Github compromised by supply chain attack on a VS Code extension
www.bleepingcomputer.com
Just a moment...
The information is spread out across various articles, but from what I gather, a supply chain attack compromised the VS Code extension nx-console, which was then used to compromise Github. This all happened within two days.
Info on the Github attack:
- https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/
- https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
Info about the nx-console attack: