Nx Console VS Code extension was the initial access vector in the GitHub breach (twitter.com) 6 points by vldszn 1mo ago ↗ HN
[–] vldszn 1mo ago ↗ Per security advisory on GitHub:Root CauseOne of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.More links:https://github.com/nrwl/nx-console/security/advisories/GHSA-...https://www.stepsecurity.io/blog/nx-console-vs-code-extensio...
1 comment
[ 3.2 ms ] story [ 9.6 ms ] threadRoot Cause
One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.
More links:
https://github.com/nrwl/nx-console/security/advisories/GHSA-...
https://www.stepsecurity.io/blog/nx-console-vs-code-extensio...