A developer endpoint was compromised by a malicious version of the Nx Console VS Code extension (~2.2M installs). TeamPCP exfiltrated approximately 3,800 GitHub-internal repositories. Activity is assessed as limited to internal repos, but some internal repos contain customer interaction data. This closes the TeamPCP loop for the year so far: Trivy in March, Checkmarx and Bitwarden in April, TanStack and now GitHub in May.
GitHub-internal repos exfiltrated via poisoned VS Code extension
Developer endpoint compromised by a malicious Nx Console VS Code extension (~2.2M installs). TeamPCP exfiltrated ~3,800 GitHub-internal repositories.