
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

ID: 7ea7823a-5021-56df-9d63-c1236a251338

STIX ID: report--7ea7823a-5021-56df-9d63-c1236a251338

Feed Name: Infosecurity Magazine (News)

Threat Score: 90/100

Date Published: 2026-05-21

Date Updated: 2026-05-22


GitHub confirmed a supply-chain breach caused by a poisoned Nx Console VS Code extension (v18.95.0) that was available for about 18 minutes; the malicious payload harvested credentials (Vault, npm, AWS, GitHub tokens, 1Password, private keys, etc.) and enabled exfiltration of approximately 3,800 internal GitHub repositories. The incident is tied to a prior TanStack compromise, has been assigned CVE-2026-48027, and the hacking group TeamPCP claims to be selling the stolen data; GitHub rotated critical secrets and contained the threat while investigations continue.
