GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

Infosecurity Magazine
Actively Exploited

Overview

A recent security incident has revealed that a threat actor compromised a developer associated with the Nx framework and then impersonated a legitimate maintainer to publish a malicious extension on the Visual Studio Marketplace. This extension, known as 'Nx Console', posed a significant risk to users of Visual Studio Code by potentially allowing attackers to execute harmful code on their systems. Developers who installed this extension may have inadvertently exposed their projects and sensitive data to exploitation. The incident raises concerns about the security of third-party extensions and the need for developers to be vigilant about the tools they use. Users are advised to review their installed extensions and ensure they have not inadvertently installed the malicious version.

Key Takeaways

  • Active Exploitation: This threat is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Nx Console extension for Visual Studio Code
  • Action Required: Users should uninstall the malicious Nx Console extension and verify their systems for any unauthorized changes or data breaches.
  • Timeline: Newly disclosed

Original Article Summary

A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace

Impact

Nx Console extension for Visual Studio Code

Exploitation Status

This threat is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should uninstall the malicious Nx Console extension and verify their systems for any unauthorized changes or data breaches.
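The incident turns on an impersonated maintainer: the extension carried a familiar name but was published under a different identity. The following shell script is an added example, not code from the article or from the Nx project, showing how to review the extensions a VS Code install reports and flag any whose name matches the expected extension but whose publisher is not the one you trust. The extension identifier `nx-console` and the publisher value `trusted-publisher-placeholder` are assumptions and placeholders; replace the latter with the genuine maintainer's publisher id before relying on the result.

```shell
#!/bin/sh
# Added example (not from the article or the Nx project): list installed
# VS Code extensions and flag look-alikes published under an unexpected publisher.
# Assumptions: the `code` CLI is on PATH; TRUSTED_PUBLISHER is a placeholder the
# reader must replace with the genuine maintainer's publisher id.

TRUSTED_PUBLISHER="${TRUSTED_PUBLISHER:-trusted-publisher-placeholder}"

# list_extensions: prints one "publisher.name@version" line per installed extension,
# using the real `code --list-extensions --show-versions` CLI flags.
list_extensions() {
    code --list-extensions --show-versions 2>/dev/null
}

# flag_lookalikes NAME: reads "publisher.name@version" lines on stdin and prints
# those whose extension name equals NAME (case-insensitive) but whose publisher is
# not TRUSTED_PUBLISHER. Exit status 0 means nothing was flagged, 1 otherwise.
flag_lookalikes() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    found=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        id="${line%%@*}"          # strip "@version"
        publisher="${id%%.*}"     # text before the first dot
        ext=$(printf '%s' "${id#*.}" | tr 'A-Z' 'a-z')
        if [ "$ext" = "$name" ] && [ "$publisher" != "$TRUSTED_PUBLISHER" ]; then
            printf 'FLAGGED: %s\n' "$line"
            found=1
        fi
    done
    return "$found"
}

# Usage on a live machine (assumed extension name): review any FLAGGED line and
# uninstall the extension with `code --uninstall-extension publisher.name`.
# list_extensions | flag_lookalikes nx-console
```

Run `list_extensions | flag_lookalikes nx-console`; a clean install prints nothing and exits 0. A flagged line is a prompt to compare the publisher against the marketplace listing you actually trust, not proof of compromise on its own.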


Related Coverage

CISA chief frets about open-source vulnerabilities, delayed security improvements

CyberScoop

Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), expressed concerns about the rising vulnerabilities in open-source software amidst a surge of malware attacks. These attacks are targeting publicly available technologies that developers often use for collaboration. Andersen emphasized that many organizations are delaying necessary security improvements, which puts them at greater risk. The reliance on open-source tools without adequate security measures can lead to significant breaches, affecting not only individual organizations but also the broader tech ecosystem. As more companies adopt open-source solutions, the need for stronger security practices becomes urgent.

May 21, 2026

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

The Hacker News

Researchers have identified a new piece of Linux malware called Showboat, which has been targeting a telecommunications provider in the Middle East since at least mid-2022. This malware acts as a modular framework that allows attackers to gain remote access to systems, transfer files, and create a SOCKS5 proxy for further exploitation. The use of such a backdoor poses significant risks to the telecommunications infrastructure, potentially compromising sensitive data and disrupting services. As the attack has been ongoing for over a year, it raises concerns about the security measures in place within the affected organization and signals a growing trend of targeted attacks on critical sectors. Companies in similar industries should be vigilant and enhance their security protocols to protect against such sophisticated threats.

May 21, 2026

Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

BleepingComputer

Recent research has exposed a significant threat posed by modern crypto drainers, which don't break into wallets through hacking but instead deceive users into authorizing harmful transactions. The Lucifer DaaS platform is a key player in this scheme, utilizing phishing techniques and automation to facilitate the theft of digital assets. This method targets unsuspecting crypto users, making it essential for them to be vigilant about the permissions they grant to apps and services. With the rise of these sophisticated tactics, users must be cautious and double-check transaction requests to avoid losing their funds. Understanding these threats is crucial in protecting one's digital wallet from potential exploitation.

May 21, 2026

Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks

darkreading

Recent reports indicate that Chinese advanced persistent threat (APT) groups are using a Linux backdoor called 'Showboat' to target telecommunications providers in Central Asia. This backdoor has been linked to espionage activities aimed at intercepting communications from smaller markets. The attacks raise concerns about the security of telecom infrastructure in the region, as they highlight how vulnerable these systems can be to state-sponsored hacking. The use of such sophisticated malware suggests that these APTs are not only looking to gather intelligence but also to potentially disrupt communications. As these attacks unfold, the implications for privacy and security in the telecommunications sector are significant, particularly for users relying on these services.

May 21, 2026

Content Delivery Exploit Opens Websites to Brand Hijacking

darkreading

A newly identified attack method, known as the Underminr domain-fronting attack, allows cybercriminals to manipulate web requests and disguise their malicious activities by using trusted websites. This technique makes it challenging for security systems to detect and block harmful actions, as they appear to originate from legitimate sources. Websites that rely on content delivery networks (CDNs) are particularly vulnerable, as attackers can exploit these trusted domains to hijack brands and potentially mislead users. The implications are significant, as this could lead to a loss of customer trust and financial harm for affected companies. Organizations should be aware of this tactic and take measures to secure their web infrastructure.

May 21, 2026

Three-Quarters of Firms Knowingly Ship Vulnerable Code

Infosecurity Magazine

A recent report reveals that about 75% of companies knowingly distribute code containing vulnerabilities. This situation arises from the increasing reliance on third-party suppliers and unverified code, particularly in the context of artificial intelligence. Businesses often prioritize speed and efficiency over security, leading to potential risks in their supply chains. The findings raise significant concerns about the security of software products, as these vulnerabilities can be exploited by malicious actors. Companies must take a more proactive approach to vetting their suppliers and ensuring that the code they use is secure to protect themselves and their customers.

May 21, 2026