WeSearch

NX compromised: supply chain attack via IDE extension, again

·6 min read · 0 reactions · 0 comments · 13 views
#cybersecurity#software#supply chain
NX compromised: supply chain attack via IDE extension, again
⚡ TL;DR · AI summary

The Nx Console extension for Visual Studio Code was compromised, leading to the distribution of malicious code. This code targeted sensitive developer credentials and cloud infrastructure tokens. The incident highlights ongoing vulnerabilities in software supply chains.

Key facts
Original article
Stepsecurity
Read full at Stepsecurity →
Opening excerpt (first ~120 words) tap to expand

Back to Blog a .is-arrow { transition: transform 0.2s ease-out; } a:hover .is-arrow.is-hover, a:focus .is-arrow.is-hover { transform: translateX(2.1rem); } a:hover .is-arrow, a:focus .is-arrow { transform: translateX(2.1rem); transition: transform 0.2s ease-out; } Threat IntelNx Console VS Code Extension CompromisedVersion 18.95.0 of the popular Nx Console extension (2.2M+ installs) was published with malicious code targeting developer credentials, cloud infrastructure tokens, and CI/CD secrets.

Excerpt limited to ~120 words for fair-use compliance. The full article is at Stepsecurity.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from Stepsecurity

Megalodon Mass GitHub Actions Secret Exfiltration Across 5500 Public Repos
Stepsecurity·10
Scott Pelley on Bari Weiss & His Last Days at '60 Minutes'
RealClearPolitics - Homepage·8
Sacramento Has Made a Farce of California's Election System
RealClearPolitics - Homepage·8
Big Tech, Far Right In Outrage Arms Race Over Henry Nowak Murder
RealClearPolitics - Homepage·8
Sponsors especially OPENAI CODEX voucher usage for codex - openAI challange
Hugging Face - Blog·8
Jill Biden Still Trying To Gaslight Us
RealClearPolitics - Homepage·7