Nx Console VS Code extension was the initial access vector in the GitHub breach(twitter.com)
twitter.com
Nx Console VS Code extension was the initial access vector in the GitHub breach
https://twitter.com/jeffbcross/status/2057236396658811020
https://twitter.com/jeffbcross/status/2057236396658811020
Root Cause
One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.
More links:
https://github.com/nrwl/nx-console/security/advisories/GHSA-...
https://www.stepsecurity.io/blog/nx-console-vs-code-extensio...