GitHub links repo breach to TanStack npm supply-chain attack

Published: May 21, 2026 at 02:54 AM EDT
4 min read

Source: Bleeping Computer

![](https://www.bleepstatic.com/content/hl-images/2026/05/21/GitHub_headpic.jpg)

GitHub says the hackers who breached **3,800 internal repositories** gained access via a malicious version of the **Nx Console** VS Code extension, compromised in last week’s [TanStack npm supply‑chain attack](https://www.bleepingcomputer.com/tag/Tanstack/).

This attack is **attributed to the TeamPCP threat group** and began with the compromise of dozens of TanStack and Mistral AI npm packages, then quickly extended to other projects (including UiPath, Guardrails AI, and OpenSearch) using stolen CI/CD credentials.

TeamPCP has been linked to other major supply‑chain attacks targeting developer‑code platforms, including:

- [PyPI](https://www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/)
- [NPM](https://www.bleepingcomputer.com/news/security/teampcp-deploys-iran-targeted-wiper-in-kubernetes-attacks/)
- [GitHub](https://www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/)
- [Docker](https://www.bleepingcomputer.com/news/security/trivy-supply-chain-attack-spreads-to-docker-github-repos/)

and, more recently, to the **“Mini Shai‑Hulud”** supply‑chain campaign, which also affected two OpenAI employees (see the [report](https://www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack/)).

---

### GitHub’s response

- GitHub revealed the breach on Tuesday, saying it was **investigating claims of unauthorized access** to its internal repositories. It told BleepingComputer that the incident resulted from an employee installing a malicious Visual Studio Code (VS Code) extension, but did not disclose the extension’s name at the time.  
- In a blog published Wednesday evening, **GitHub CISO Alexis Wales** said the breach involved a malicious version of **Nx Console**, the official VS Code Marketplace extension for Nx, which lets developers manage large repos and multi‑project codebases without relying entirely on complex terminal CLI commands.  
- Wales added that GitHub has since secured the compromised device and has yet to find evidence that customer data stored outside the affected repos has been stolen.  

> “We rotated critical secrets Monday and into Tuesday with the highest‑impact credentials prioritized first.  
> We continue to analyze logs, validate secret rotation, and monitor our infrastructure for any follow‑on activity. We will take additional action as the investigation warrants.” – *Alexis Wales*

While GitHub has not officially attributed the attack to a specific hacking group, the **TeamPCP cybercrime gang** claimed access to GitHub source code and “~4,000 repos of private code” on the Breached forum on Tuesday, demanding at least **$50,000** for the stolen data.

---

### Nx Console compromise details

- The Nx developers revealed on Monday that they were **jointly investigating** the impact of the attack with GitHub and Microsoft after a malicious version of **Nx Console 18.95.0** was available on the Visual Studio Marketplace for ~18 minutes and on OpenVSX for another ~36 minutes.  
- The poisoned extension deployed a malicious payload designed to steal credentials and secrets for a wide range of platforms, including **npm, AWS, Kubernetes, GitHub, and GCP/Docker**.  

> “One of our developers was compromised by a recent supply‑chain compromise on TanStack, which leaked their GitHub credentials through the GitHub CLI (`gh`). This allowed the attacker to run workflows on our GitHub repository as a contributor,” the Nx team said.  

> “According to Microsoft and OpenVSX, download numbers for the impacted 18.95.0 version were a low 28 and 41 respectively. Two days after the attack, our analytics have registered approximately 6,000 extension activations from VS Code and 0 from other editors (including VS Code forks like Cursor).”
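As an added defensive check (not code from the article, GitHub, or the Nx project): the functions below parse the output of `code --list-extensions --show-versions` and flag the poisoned Nx Console release named above, so a team can quickly inventory which developer machines installed it and need their secrets rotated. The extension ID `nrwl.angular-console` and the assumption that forks such as Cursor expose the same CLI flags are assumptions to verify, not facts from the article.

```python
import subprocess
from typing import Dict, List, Set, Tuple

# Indicator from the article: Nx Console 18.95.0 was the poisoned release.
# The extension ID is an ASSUMPTION (Nx Console is published under "nrwl");
# confirm it against the Marketplace listing before relying on this check.
COMPROMISED: Dict[str, Set[str]] = {"nrwl.angular-console": {"18.95.0"}}

# Constructed sample listing, in the format `code --list-extensions --show-versions` prints.
SAMPLE_LISTING = """ms-python.python@2024.4.1
nrwl.angular-console@18.95.0
esbenp.prettier-vscode@10.4.0
"""


def parse_listing(text: str) -> List[Tuple[str, str]]:
    """Turn 'publisher.name@version' lines into (extension_id, version) pairs."""
    pairs: List[Tuple[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or "@" not in line:
            continue  # blank line or unexpected output; skip rather than guess
        ext_id, _, version = line.rpartition("@")  # rpartition: IDs never contain '@'
        pairs.append((ext_id.lower(), version))
    return pairs


def find_compromised(listing: List[Tuple[str, str]],
                     indicators: Dict[str, Set[str]] = COMPROMISED) -> List[Tuple[str, str]]:
    """Return the installed (extension_id, version) pairs that match a known-bad release."""
    return [(e, v) for e, v in listing if v in indicators.get(e, set())]


def scan_editor(cli: str) -> List[Tuple[str, str]]:
    """Query an editor CLI ('code', or a fork such as 'cursor' if it keeps VS Code's flags)."""
    out = subprocess.run([cli, "--list-extensions", "--show-versions"],
                         capture_output=True, text=True, check=True).stdout
    return find_compromised(parse_listing(out))


if __name__ == "__main__":
    for editor in ("code", "cursor"):
        try:
            hits = scan_editor(editor)
        except FileNotFoundError:
            continue  # that editor is not installed on this host
        for ext_id, version in hits:
            print(f"{editor}: {ext_id}@{version} is a known compromised release; rotate secrets")
```

A match means the machine ran the poisoned build, so treat every credential it could read (npm, AWS, Kubernetes, GitHub, GCP/Docker) as exposed and rotate it, rather than only uninstalling the extension.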

---

### Historical context: malicious VS Code extensions

In recent years, multiple malicious VS Code extensions with millions of installs have slipped onto the official VS Code Marketplace and been used to steal developer credentials and other sensitive data.

- **Last year:** several extensions with **9 million installs** were removed due to security risks, including 10 that infected users with the **XMRig cryptominer**. A malicious extension with basic ransomware capabilities was later spotted after the threat actor **WhiteCobra** flooded the marketplace with 24 crypto‑stealing extensions.  
- **January 2026:** two AI‑based coding‑assistant extensions (combined **1.5 million installs**) were used to exfiltrate data from compromised developer systems to servers in China.

---

### Scale of GitHub’s platform

GitHub’s cloud‑based platform is used by **more than 4 million organizations** (including 90% of Fortune 100 companies) and **over 180 million developers**, who contribute to **more than 420 million code repositories**.
