VulnHub

Real-time Cybersecurity News

GitHub links repo breach to TanStack npm supply-chain attack

BleepingComputer
Actively Exploited
ExploitVulnerability

Overview

GitHub has reported a security breach affecting 3,800 of its internal repositories. The breach was linked to a compromised version of the Nx Console extension for Visual Studio Code, which was part of a recent supply-chain attack involving TanStack npm packages. This incident highlights the vulnerability of software supply chains, where attackers can exploit trusted tools to gain unauthorized access to sensitive code and data. Developers using the affected extension are particularly at risk, as the malicious version could have allowed hackers to infiltrate their systems and steal valuable information. GitHub is likely working to mitigate the fallout and prevent future incidents, but this breach serves as a reminder for all developers to be vigilant about the tools they use.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: GitHub internal repositories, Nx Console VS Code extension, TanStack npm packages
  • Action Required: Users should remove the compromised Nx Console extension and ensure they are using a safe version from official sources.
  • Timeline: Newly disclosed

Original Article Summary

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack. [...]

Impact

GitHub internal repositories, Nx Console VS Code extension, TanStack npm packages

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should remove the compromised Nx Console extension and ensure they are using a safe version from official sources.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Vulnerability.

Read Original Article

Related Coverage

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

The Hacker News

Researchers have identified a new piece of Linux malware called Showboat, which has been targeting a telecommunications provider in the Middle East since at least mid-2022. This malware acts as a modular framework that allows attackers to gain remote access to systems, transfer files, and create a SOCKS5 proxy for further exploitation. The use of such a backdoor poses significant risks to the telecommunications infrastructure, potentially compromising sensitive data and disrupting services. As the attack has been ongoing for over a year, it raises concerns about the security measures in place within the affected organization and signals a growing trend of targeted attacks on critical sectors. Companies in similar industries should be vigilant and enhance their security protocols to protect against such sophisticated threats.

May 21, 2026

Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks

darkreading

Recent reports indicate that Chinese advanced persistent threat (APT) groups are using a Linux backdoor called 'Showboat' to target telecommunications providers in Central Asia. This backdoor has been linked to espionage activities aimed at intercepting communications from smaller markets. The attacks raise concerns about the security of telecom infrastructure in the region, as they highlight how vulnerable these systems can be to state-sponsored hacking. The use of such sophisticated malware suggests that these APTs are not only looking to gather intelligence but also to potentially disrupt communications. As these attacks unfold, the implications for privacy and security in the telecommunications sector are significant, particularly for users relying on these services.

May 21, 2026

Content Delivery Exploit Opens Websites to Brand Hijacking

darkreading

A newly identified attack method, known as the Underminr domain-fronting attack, allows cybercriminals to manipulate web requests and disguise their malicious activities by using trusted websites. This technique makes it challenging for security systems to detect and block harmful actions, as they appear to originate from legitimate sources. Websites that rely on content delivery networks (CDNs) are particularly vulnerable, as attackers can exploit these trusted domains to hijack brands and potentially mislead users. The implications are significant, as this could lead to a loss of customer trust and financial harm for affected companies. Organizations should be aware of this tactic and take measures to secure their web infrastructure.

May 21, 2026

CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form

CISA News

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog by introducing a new nomination form. This form allows organizations to report vulnerabilities they believe should be included in the catalog, which serves to inform the public about security flaws that are actively being exploited by attackers. The catalog aims to help organizations prioritize their cybersecurity efforts by focusing on vulnerabilities that pose the most immediate risk. This initiative is particularly important as it encourages collaboration between the public and private sectors in identifying and addressing security weaknesses. By expanding the catalog, CISA hopes to enhance the overall security posture of critical infrastructure and other sectors.

May 21, 2026

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

SecurityWeek

In 2025, Apple took significant measures to maintain the integrity of its App Store by rejecting over 2 million app submissions. This move was part of a broader strategy to combat security threats and prevent fraud, resulting in the blocking of more than 1.1 billion accounts and the interception of $2.2 billion in potentially fraudulent transactions. The company's stringent review process aims to protect users from malicious apps and scams, ensuring a safer experience on its platform. This action highlights the ongoing challenges in app security and the need for companies to remain vigilant against fraudulent activities. Developers looking to publish apps must adhere to strict security protocols to avoid rejection, which could impact their business operations.

May 21, 2026

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

The Hacker News

Microsoft has reported that two vulnerabilities in its Defender software are currently being exploited. The first, identified as CVE-2026-41091, is a privilege escalation flaw that has a CVSS score of 7.8, meaning it poses a significant risk. If successfully exploited, attackers could gain SYSTEM privileges, which would allow them to control the affected systems. The second vulnerability is a denial-of-service flaw, though specific details about its CVE designation weren't provided. These vulnerabilities affect Microsoft Defender, and users of the software should be vigilant as attackers are actively exploiting these flaws in the wild. It's crucial for individuals and organizations to take immediate action to secure their systems.

May 21, 2026