What happened
On May 18, 2026, a malicious version of the Nx Console VS Code extension (v18.95.0) appeared on the Visual Studio Marketplace. It was live for 11 to 18 minutes before being pulled — 36 minutes on OpenVSX. That was enough.

A GitHub employee had the extension installed with auto-update enabled. The poisoned version ran on their machine, harvested credentials, and gave attackers access to roughly 3,800 internal GitHub repositories. The hacking group TeamPCP (also tracked as UNC6780) has since claimed responsibility on the Breached cybercrime forum, where they’re offering the stolen code for at least $50,000.

GitHub confirmed the breach in a public statement: “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.” The company says there’s no evidence that customer data — enterprises, organizations, or user-hosted repositories — was affected, though the investigation is ongoing.

GitHub’s response
GitHub moved quickly once the compromise was detected. They removed the malicious extension version, isolated the compromised endpoint, and began rotating credentials — prioritizing the highest-impact secrets first. The company is continuing to analyze logs and monitor for follow-on activity, with a fuller report promised once the investigation wraps up.

How the attack actually worked
The Nx Console compromise didn’t start on May 18. It traces back to May 11, when TeamPCP executed a supply chain attack on the TanStack npm ecosystem, publishing malicious packages including @tanstack/zod-adapter.

An Nx Console contributor’s machine resolved that malicious package during a routine pnpm install. A minimum-release-age safeguard that should have blocked it was silently ignored by an older pnpm version — a configuration option that turned out to be a no-op. The contributor’s GitHub CLI OAuth token was stolen in the process.

Seven days later, that stolen token was used to publish the backdoored Nx Console release. The malicious payload — 2,777 bytes injected into a minified JS file — fetched a 498 KB obfuscated dropper from an orphan commit. It targeted GitHub tokens, npm tokens, AWS/GCP credentials, SSH keys, Vault tokens, and passwords, exfiltrating data over HTTPS and DNS tunneling.

The same May 19 campaign also published 637 malicious npm package versions under the AntV namespace.