this post was submitted on 21 May 2026
47 points (98.0% liked)


The information is spread out across various articles, but from what I gather, a supply chain attack compromised the VS Code extension nx-console, which was then used to compromise GitHub. This all happened within two days.

Info on the GitHub attack:

Info about the nx-console attack:

hirihit640@sh.itjust.works 14 points 19 hours ago* (last edited 18 hours ago) (1 children)

If you're a developer, I recommend the StepSecurity article, a detailed breakdown of the attack. Some highlights about the nx-console attack:

  • the malicious version of the extension was only up for 11 minutes before getting detected and taken down, but apparently that was enough to compromise a developer at GitHub
  • portions of the malware were hosted on nx-console's public GitHub repo, though hidden in a dangling orphaned commit
  • data was exfiltrated through 3 channels, including using a victim's GitHub credentials to publish the data on their own repos
  • the malware looked for credentials like GitHub and AWS tokens, likely for future supply chain attacks, and may be the first to steal AI credentials (in this case Claude API)

From the BleepingComputer article:

"As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free," the cybercriminals said. "If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it"

The stealing of AI credentials reminds me of a Lemmy post from last year: the first AI agent worm. Imagine a virus that uses AI agents to dynamically probe systems and evolve to spread through infrastructure, meanwhile stealing AI credentials to pay for the tokens that the agents are consuming, a self-funding AI virus!
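
Added example, not part of the comment above or of any vendor's code: a minimum-release-age gate for extension updates, showing why a release that was live for only 11 minutes reaches an update-immediately client but not one that waits out a cooldown. The release feed, version numbers, timestamps and the 24-hour default are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed release feed for a hypothetical extension; versions and times are
# made up. 9.9.1 stands in for a malicious release pulled 11 minutes after
# publication, as in the incident described above.
RELEASES = [
    {"version": "9.8.0", "published": "2030-01-01T09:00:00+00:00", "removed": None},
    {"version": "9.9.0", "published": "2030-01-10T09:00:00+00:00", "removed": None},
    {"version": "9.9.1", "published": "2030-01-18T12:00:00+00:00",
     "removed": "2030-01-18T12:11:00+00:00"},
]

def _ts(value):
    """Parse an ISO 8601 timestamp; refuse naive ones so ages are never off by a UTC offset."""
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp without timezone: {value!r}")
    return parsed.astimezone(timezone.utc)

def _key(version):
    """Sort key for plain dotted numeric versions (pre-release tags are not handled)."""
    return tuple(int(part) for part in version.split("."))

def pick_update(releases, installed, now, min_age=timedelta(hours=24)):
    """Return the newest version above `installed` that has been public for at
    least `min_age` and was not removed by `now`, or None to stay put."""
    eligible = []
    for rel in releases:
        if _key(rel["version"]) <= _key(installed):
            continue                      # never downgrade or reinstall
        if rel["removed"] and _ts(rel["removed"]) <= now:
            continue                      # already pulled from the marketplace
        if now - _ts(rel["published"]) < min_age:
            continue                      # still inside the cooldown window
        eligible.append(rel["version"])
    return max(eligible, key=_key) if eligible else None

def eager_update(releases, installed, now):
    """What an update-immediately client does: newest version visible at `now`."""
    return pick_update(releases, installed, now, min_age=timedelta(0))

if __name__ == "__main__":
    during = _ts("2030-01-18T12:05:00+00:00")   # 5 minutes into the 11-minute window
    print("eager:", eager_update(RELEASES, "9.9.0", during))
    print("gated:", pick_update(RELEASES, "9.9.0", during))
```

A cooldown only helps if the bad release is detected and removed before the window expires, so the gate complements marketplace takedowns rather than replacing them.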