[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiEkDgzd8q9TkdXjt4Bwrq4dbGYL7WB1VhJXFzhGBXgA":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":18,"created_at":19,"published_at":20,"article":21,"tags":24},"1673201a-f04e-453a-8683-1b4079122809","github-breach-via-malicious-vs-code-extension-highlights-supply-chain-risks","82ba1008-c993-4751-bc59-0fab8dbd4d3b","GitHub Breach via Malicious VS Code Extension Highlights Supply Chain Risks","GitHub suffered a significant breach when an employee installed a compromised VS Code extension (Nx Console v18.95.0) that was part of a supply chain attack targeting the TanStack npm ecosystem. The malicious extension was designed to steal credentials for multiple cloud and development platforms, demonstrating how even brief exposure windows (18-36 minutes) can lead to catastrophic breaches. This incident underscores the critical importance of vetting development tools and extensions, as attackers increasingly target software supply chains to gain access to high-value targets.\n\nThe breach resulted in unauthorized access to 3,800 internal repositories, showing how a single compromised development tool can expose vast amounts of sensitive code and data.","**Immediate actions:**\n- Implement approval workflows for all development tool installations and updates\n- Enable real-time monitoring of credential usage across development environments\n- Conduct an emergency audit of all installed VS Code extensions and development tools\n\n**Long-term improvements:**\n- Establish vendor risk assessment processes for all development tools and dependencies\n- Implement code signing verification for all extensions and packages before installation\n- Create isolated development environments with limited access to production systems\n\n**Detection measures:**\n- Deploy behavioral monitoring to detect unusual credential access patterns\n- Implement automated scanning of package repositories for known malicious indicators\n- Establish alerting for high-privilege account activities in development environments",[12,13,14,15,16,17],"CIS Control 2","CIS Control 16","NIST SP 800-161","NIST SC-7","NIST AC-2","SLSA Framework","published","2026-05-22T05:32:14.063871+00:00","2026-05-22T05:32:13.788+00:00",{"id":7,"url":22,"title":23},"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fgithub-links-repo-breach-to-tanstack-npm-supply-chain-attack\u002F","GitHub links repo breach to TanStack npm supply-chain attack",[25,31],{"id":26,"name":27,"slug":28,"description":29,"color":30},"7261eb8f-acd4-4d93-a489-7fdd652ec0ea","Security Awareness","security-awareness","Phishing, social engineering, human error","#22c55e",{"id":32,"name":33,"slug":34,"description":35,"color":36},"f0c2a0af-58aa-4128-87c9-6acd30f2dc48","Supply Chain","supply-chain","Third-party risk, compromised dependencies","#8b5cf6"]