GitHub confirms internal breach caused by poisoned VS Code extension
- By Web Desk -
- May 22, 2026
GitHub officially confirmed on Wednesday that the breach of its internal repositories was caused by a compromised employee device that contained a malicious version of the Nx Console extension for Microsoft Visual Studio Code (VS Code).
The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers’ systems was hacked in the wake of the recent TanStack supply chain attack. Other companies affected include OpenAI, Mistral AI, and Grafana Labs.
“We have no evidence of impact to customer information stored outside of GitHub’s internal repositories,” Alexis Wales, Chief Information Security Officer of GitHub, said in a statement. She added that if any customer impact from internal support interactions is discovered, users will be notified through official channels.
The attack allowed the cybercriminal group TeamPCP to steal around 3,800 repositories. GitHub has contained the incident and has rotated the compromised secrets.
In a post on X, Jeff Cross, co-founder of Narwhal Technologies, stated this incident highlights the need for fundamental changes in securing developer tooling and open-source distribution.
TeamPCP has rapidly gained notoriety for large-scale software supply chain attacks. Notably, the trojanized version of the VS Code extension was live on Visual Studio Marketplace for only 18 minutes.
However, because extension marketplaces ship with auto-update enabled by default, this short window allowed attackers to distribute a credential stealer capable of harvesting sensitive data from 1Password vaults, Anthropic configurations, npm, GitHub, and AWS.
Security researchers revealed that the extension executed a single hidden shell command, masquerading as a normal setup process. By infiltrating one trusted tool, TeamPCP managed to steal developers’ credentials, enabling them to access the next legitimate tool and exploit the highly interconnected structure of modern software development.