GitHub has confirmed that a recent security incident involving unauthorized access to its internal repositories stemmed from the compromise of an employee device through a poisoned Visual Studio Code extension, an intrusion that ultimately exposed code from roughly 3,800 internal projects. The company said the breach was confined to GitHub-internal repositories and that it has found no evidence so far that customer data or production systems were affected, according to a statement reported by CyberScoop.
The incident came to light after GitHub disclosed on May 19 via X that it was investigating suspicious access to internal repositories, later determining that an attacker had obtained control of an employee account via a malicious VS Code extension installed on the worker’s machine, as summarized by ThreatLocker and subsequent reporting. GitHub has said the adversary exfiltrated a significant number of internal repositories but stressed that the activity did not extend to customer repositories and that it has not seen signs of tampering with the public GitHub.com service.
Security researchers now widely believe the poisoned extension was Nx Console (nrwl.angular-console), a popular VS Code extension for working with the Nx build system. ThreatLocker’s analysis argues that the GitHub breach “was likely caused” by a compromised version of Nx Console on the employee device, while researchers at Semgrep have tied that extension to the broader “s1ngularity” supply-chain attack on the Nx ecosystem, noting in their advisory that extension versions 18.6.30 through 18.65.1 invoked the malicious nx package during normal use, so a developer did not need to run npm install by hand to be affected. GitHub itself has not publicly named the extension, but the timeline and technical overlaps have led multiple independent teams to connect the incident to the earlier Nx compromise.
The Nx project was hit in August 2025 by a serious supply-chain attack in which malicious versions of the nx package and related plugins were pushed to npm after attackers abused a vulnerable GitHub Actions workflow to obtain a publishing token, as documented in the project’s own advisory GHSA-cxm3-wv7p-598c (tracked as CVE-2025-10894) and covered by The Hacker News and StepSecurity. Those trojanized npm packages carried a postinstall script that scanned the victim’s machine for sensitive files, harvested GitHub and npm tokens, SSH keys, cloud credentials and even cryptocurrency wallets, then exfiltrated the data by using the victim’s own GitHub credentials to create a repository whose name contained the string “s1ngularity-repository” and uploading an encoded results file to it. Because the exfiltration channel was the victim’s own account, the stolen data was often publicly visible. GitGuardian’s writeup on the incident noted that at least 2,349 secrets were exposed this way and that some of those tokens were later used for follow-on attacks against victims’ infrastructure.
The working theory among defenders is that credentials siphoned by the Nx “s1ngularity” malware—including GitHub access tokens and SSH keys—were leveraged months later to loot GitHub’s internal repositories once attackers realized a compromised account belonged to a GitHub employee. While attribution remains unclear and no government or major threat-intelligence provider has publicly pinned the activity on a named threat group, the incident illustrates how a single poisoned developer tool can seed long-lived compromises across the software supply chain. From an attacker’s perspective, both the earlier Nx npm compromise and the more recent poisoned extension provide high-leverage access to developer laptops that often hold powerful credentials and direct access to sensitive code.
For organizations, the breach is a reminder that the risk from such incidents extends well beyond immediate data loss. Source code in internal repositories frequently contains hard-coded secrets, undocumented APIs and security assumptions that adversaries can mine for future exploitation, even if no customer-facing systems are touched during the initial intrusion. Nx maintainers and independent researchers have urged all users who may have installed affected versions of nx or the nrwl.angular-console extension to check for telltale indicators, such as the presence of a s1ngularity-repository repo in their GitHub account, a /tmp/inventory.txt file on disk, or unexpected lines added to shell startup files (the malware appended a sudo shutdown -h 0 line to ~/.bashrc and ~/.zshrc), and to immediately upgrade to fixed versions, clear their npm caches, and rotate all potentially exposed tokens and passwords per the Nx advisory, StepSecurity, and Semgrep. Rotation matters even when the indicators are absent: a token already harvested stays valid until revoked. Longer term, security teams are being urged to lock down which IDE extensions are allowed in enterprise environments, scrutinize automated build tooling, and treat developer endpoints as high-value targets on par with production systems.
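The host-side part of that check, written out as an added example (this is not tooling from the Nx project, GitHub or any of the cited researchers): it looks for the /tmp/inventory.txt results file, the shutdown line appended to shell startup files, and malicious nx versions pinned in a package-lock.json. The version set below is my reading of the Nx advisory and should be confirmed against GHSA-cxm3-wv7p-598c before use; the fixture builder writes constructed sample files so the script can be exercised offline.

```python
"""Local indicator sweep for the Nx "s1ngularity" compromise (added example)."""
import json
import re
import sys
import tempfile
from pathlib import Path

# nx releases reported as malicious in the Nx advisory. Assumption: confirm
# this set against GHSA-cxm3-wv7p-598c, and extend it with the plugin
# versions listed there, before relying on it.
MALICIOUS_NX_VERSIONS = {"20.9.0", "20.10.0", "20.11.0", "20.12.0",
                         "21.5.0", "21.6.0", "21.7.0", "21.8.0"}

# The postinstall script appended a shutdown command to these startup files.
STARTUP_FILES = (".bashrc", ".zshrc")
SHUTDOWN_LINE = re.compile(r"^\s*sudo\s+shutdown\s+-h\s+0\s*$")


def check_inventory_files(tmp_dir: Path) -> list[str]:
    """Report the results file the malware staged before uploading it."""
    return [f"results file present: {tmp_dir / name}"
            for name in ("inventory.txt", "inventory.txt.bak")
            if (tmp_dir / name).exists()]


def check_startup_files(home: Path) -> list[str]:
    """Report shell startup files carrying the appended shutdown line."""
    findings = []
    for name in STARTUP_FILES:
        rc = home / name
        if not rc.is_file():
            continue
        for lineno, line in enumerate(rc.read_text(errors="replace").splitlines(), 1):
            if SHUTDOWN_LINE.match(line):
                findings.append(f"{rc}:{lineno}: {line.strip()}")
    return findings


def check_lockfile(lockfile: Path) -> list[str]:
    """Report nx entries in an npm lockfile (lockfileVersion 2/3 layout) on the
    malicious list. Keys look like "node_modules/nx" or, for pnpm-style
    nesting, ".../node_modules/nx"; the last path segment is the package."""
    if not lockfile.is_file():
        return []
    data = json.loads(lockfile.read_text())
    findings = []
    for path, meta in data.get("packages", {}).items():
        name = path.split("node_modules/")[-1]
        if name == "nx" and meta.get("version") in MALICIOUS_NX_VERSIONS:
            findings.append(f"{lockfile}: nx@{meta['version']} is a malicious release")
    return findings


def sweep(home: Path, tmp_dir: Path, lockfiles: list[Path]) -> list[str]:
    """Run every local check and return the combined findings."""
    findings = check_inventory_files(tmp_dir) + check_startup_files(home)
    for lf in lockfiles:
        findings += check_lockfile(lf)
    return findings


def build_sample_fixture() -> tuple[Path, Path, list[Path]]:
    """Write a constructed, deliberately infected fixture into a temp dir and
    return (home, tmp, lockfiles) for sweep(). Sample data only."""
    root = Path(tempfile.mkdtemp(prefix="s1ng-demo-"))
    home, tmp = root / "home", root / "tmp"
    home.mkdir()
    tmp.mkdir()
    (home / ".bashrc").write_text("alias ll='ls -l'\n")
    (home / ".zshrc").write_text("export PATH=$HOME/bin:$PATH\nsudo shutdown -h 0\n")
    (tmp / "inventory.txt").write_text("constructed placeholder\n")
    bad = root / "bad-package-lock.json"
    bad.write_text(json.dumps({"lockfileVersion": 3, "packages": {
        "": {"name": "demo"}, "node_modules/nx": {"version": "21.5.0"}}}))
    good = root / "good-package-lock.json"
    good.write_text(json.dumps({"lockfileVersion": 3, "packages": {
        "": {"name": "demo"}, "node_modules/nx": {"version": "21.4.1"}}}))
    return home, tmp, [bad, good]


if __name__ == "__main__":
    if "--demo" in sys.argv:
        home, tmp, locks = build_sample_fixture()
    else:
        home, tmp = Path.home(), Path("/tmp")
        locks = [Path(a) for a in sys.argv[1:]]   # package-lock.json paths
    hits = sweep(home, tmp, locks)
    for hit in hits:
        print(hit)
    print("no local indicators found" if not hits
          else f"{len(hits)} indicator(s) found: rotate GitHub/npm tokens and SSH keys")
```

Run it with `--demo` to see the three findings from the constructed fixture, or pass the paths of your projects' package-lock.json files to scan the real host. The GitHub-side indicator is not covered here because it needs the API; `gh repo list --limit 200 | grep s1ngularity-repository` against each account and organization the token could reach is the equivalent check. A clean sweep does not prove the token was never harvested, so treat rotation as unconditional for anyone who ran an affected version.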