GitHub compromised by supply chain attack on a VS Code extension
The information is spread out across various articles, but from what I gather, a supply chain attack compromised the VS Code extension nx-console, which was then used to compromise GitHub. This all happened within two days.
Info on the GitHub attack:
- https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/
- https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
Info about the nx-console attack:
- https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised