GitHub links repo breach to TanStack npm supply-chain attack

GitHub disclosed that a malicious Nx Console VS Code extension (v18.95.0) — briefly published to the Visual Studio Marketplace and OpenVSX — deployed a payload that stole credentials and secrets (npm, AWS, Kubernetes, GitHub, GCP/Docker), enabling attackers to access and claim roughly 3,800–4,000 private repositories; the TeamPCP gang has claimed responsibility and is seeking payment for the stolen code. GitHub says it secured the compromised device, rotated high-impact secrets, and is continuing log analysis and monitoring while the investigation remains ongoing.