ME News reports that on May 20 (UTC+8), according to monitoring by Beating, GitHub officially released a security investigation notice confirming that an employee's device was compromised by a poisoned VS Code extension, resulting in unauthorized access to its internal code repositories. The attackers claimed to have packaged and stolen approximately 3,800 internal GitHub repositories, a claim the company acknowledged as consistent with the current direction of its investigation.

The malicious extension in question was Nx Console (version 18.95.0), which was briefly listed on the Microsoft Visual Studio Code Marketplace on May 18. The attackers gained publishing rights by stealing a contributor's token and pushed a malicious version containing a credential stealer to the marketplace. Although the Nx team detected the anomaly and removed the version within 11 minutes, some GitHub employees had already downloaded it and been compromised during that window.

The malicious payload silently harvested host Git credentials, VS Code extension storage, AWS keys, and sensitive data from 1Password. These credentials enabled external attackers to bypass perimeter defenses and directly exfiltrate internal GitHub repositories.

GitHub stated it detected and contained the device compromise on May 19. To mitigate risk, the security team urgently rotated all critical keys yesterday and overnight, prioritizing high-value credentials. The team is currently analyzing logs and monitoring for further activity; a full report will be published upon completion of the investigation. (Source: BlockBeats)

GitHub Confirms 3,800 Internal Repositories Stolen via Compromised VS Code Plugin

GitHub confirmed that 3,800 internal repositories were compromised through a poisoned VS Code plugin. Attackers exploited a malicious version of Nx Console uploaded on May 18, stealing credentials and sensitive data. The plugin was removed within 11 minutes, but some GitHub employees had already downloaded it. Security teams have rotated access keys and are analyzing logs. The breach underscores the urgent need for stricter controls.