Aikido Security's Blog

The Wild West of VS Code extensions and how a poisoned extension breached GitHub (opens in new tab)

Covers Critical: Compromised Nx Console version 18.95.0Covered by 3 sources See all sources covering this story including XDA, thehackernews.com

A poisoned VS Code extension breached GitHub yesterday, one day after Nx Console (2.2M installs) was compromised for 18 minutes on the Visual Studio Marketplace and reached every user with auto-update on. Category: Vulnerabilities & Threats

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 3 articles

XDA·

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Feeds
thehackernews.com·

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

Feeds
kohlschuetter.github.io·

xcesp: Developing for ESP32 Devices with Xcode

Discussed on Hacker News
Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help