GitHub breach likely caused by Nx Console compromise
ID: 8c60c4bd-8a93-5ef4-acb6-bda19de5875f
STIX ID: report--8c60c4bd-8a93-5ef4-acb6-bda19de5875f
Feed Name: ThreatLocker Blog
## Executive Summary

On 2026-05-19 GitHub disclosed unauthorized access traced to a malicious Nx Console VS Code extension (v18.95.0) that was published using a stolen developer GitHub credential. The backdoored extension delivered heavily obfuscated JavaScript, fetched a secondary payload from an orphaned commit, and installed a Python C2 at ~/.local/share/kitty/cat.py that hunts for and exfiltrates developer and cloud credentials, including AWS IMDS tokens. The artifacts and IOCs in the report indicate persistence mechanisms, credential theft (PyPI, npm, Bitwarden, 1Password, AWS), possible deletion of user data, and downstream access to GitHub repositories, with attempts to auction the stolen source code.
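The summary names two host-level artifacts a responder can hunt for immediately: the C2 script path and the affected extension version. The script below is an added example, not code from the report or from ThreatLocker, and it runs against a constructed home directory built in a temp dir. Three things in it are assumptions rather than report facts: the VS Code extension directory layout (`~/.vscode/extensions/<publisher>.<name>-<version>`), the marketplace id `nrwl.angular-console` for Nx Console, and the idea of checking shell startup files for a reference to the C2 path (the summary says "persistence mechanisms" without naming them).

```python
"""Hunt a home directory for the Nx Console compromise artifacts named in the summary.

Added example with constructed fixtures. Assumptions (not from the report):
extension folder naming, the extension id, and startup-file persistence checks.
"""
import re
import tempfile
from pathlib import Path

C2_SCRIPT = Path(".local/share/kitty/cat.py")   # path named in the report
BAD_EXT_ID = "nrwl.angular-console"             # assumption: Nx Console marketplace id
BAD_EXT_VERSION = "18.95.0"                     # version named in the report
# Assumption: where a user-level persistence line would typically be planted.
STARTUP_FILES = [".bashrc", ".zshrc", ".profile", ".config/fish/config.fish"]


def hunt(home: Path) -> dict:
    """Return which of the known artifacts are present under `home`."""
    findings = {"c2_script": False, "bad_extension": False, "startup_refs": []}

    # 1. The dropped C2 script at its documented path.
    if (home / C2_SCRIPT).is_file():
        findings["c2_script"] = True

    # 2. The backdoored extension version (assumed folder naming convention).
    ext_dir = home / ".vscode" / "extensions"
    if ext_dir.is_dir():
        pat = re.compile(rf"^{re.escape(BAD_EXT_ID)}-{re.escape(BAD_EXT_VERSION)}(\b|$)")
        for entry in ext_dir.iterdir():
            if pat.match(entry.name):
                findings["bad_extension"] = True

    # 3. Startup files referencing the C2 path (assumed persistence heuristic).
    for rel in STARTUP_FILES:
        f = home / rel
        if f.is_file() and "kitty/cat.py" in f.read_text(errors="replace"):
            findings["startup_refs"].append(rel)

    return findings


def build_home(root: Path, infected: bool) -> Path:
    """Construct a fake home directory; the infected one carries placeholder artifacts."""
    home = root / ("infected" if infected else "clean")
    (home / ".vscode" / "extensions").mkdir(parents=True)
    (home / ".zshrc").write_text("export PATH=$HOME/bin:$PATH\n")
    if infected:
        (home / ".vscode" / "extensions" / f"{BAD_EXT_ID}-{BAD_EXT_VERSION}").mkdir()
        (home / C2_SCRIPT).parent.mkdir(parents=True)
        # Placeholder only; this is not the real payload.
        (home / C2_SCRIPT).write_text("# placeholder standing in for cat.py\n")
        with (home / ".zshrc").open("a") as fh:
            # Assumed persistence line for the demo, not taken from the report.
            fh.write("python3 ~/.local/share/kitty/cat.py &\n")
    else:
        # Some other version, treated as unaffected for this demo (hypothetical).
        (home / ".vscode" / "extensions" / f"{BAD_EXT_ID}-18.94.0").mkdir()
    return home


def run_demo() -> dict:
    """Build an infected and a clean home in a temp dir and hunt both."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return {
            "infected": hunt(build_home(root, True)),
            "clean": hunt(build_home(root, False)),
        }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

On a real host, call `hunt(Path.home())` for each user; a hit on any of the three findings is a trigger to treat every credential the summary lists (PyPI, npm, Bitwarden, 1Password, AWS, GitHub) as exposed and rotate it, since absence of a startup-file reference does not rule out other persistence the report may describe.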
