Poisoned VS Code Extension Led to GitHub Repository Theft
GitHub confirmed a poisoned Nx Console VS Code extension on an employee device let TeamPCP exfiltrate about 3,800 repositories; multiple zero-days and a nine-year Linux kernel flaw were also disclosed.
GitHub reported that a compromised Nx Console Visual Studio Code extension installed on an employee device enabled the threat group TeamPCP to copy roughly 3,800 repositories. The company said it contained the incident, rotated critical secrets and is monitoring for further activity.
The affected extension was identified as nrwl.angular-console. The Nx extension maintainers reported the package was altered after a developer’s machine was breached following a separate supply‑chain intrusion tied to the TanStack campaign. That earlier compromise affected several downstream projects and vendors. Grafana Labs said it faced an extortion attempt linked to these events and declined to pay.
TeamPCP made the Shai‑Hulud code public. Security firms warned the published code may enable other attackers to target repositories and developer environments with similar tactics.
Microsoft confirmed the intrusion was enabled by a poisoned VS Code extension on an employee device and described containment steps taken by Microsoft and GitHub, including secret rotation. Both organizations said they continue to monitor for follow‑on activity.
Separately, multiple vendors and researchers disclosed active exploits and new patches this week. Microsoft reported two actively exploited Microsoft Defender vulnerabilities: CVE-2026-41091, a privilege escalation that can elevate an attacker to SYSTEM, and CVE-2026-45498, which can cause a denial of service. Microsoft also released a mitigation for a BitLocker bypass tracked as CVE-2026-45585, known as YellowKey, which affects recent Windows 11 releases and Windows Server 2025 and can let an attacker with physical access bypass device encryption.
A Linux kernel flaw tracked as CVE-2026-46333, introduced in November 2016, was disclosed after nine years in the code. Vendors reported that on default installations of major distributions, an unprivileged local user can disclose sensitive files and execute commands as root. The vulnerability carries a CVSS score of 5.5.
Cisco issued updates for a maximum-severity Secure Workload flaw, CVE-2026-20223, that can allow unauthenticated remote attackers to access data and change configurations across tenant boundaries. Drupal published fixes for an SQL injection bug in Drupal core, CVE-2026-9082, which has seen active exploitation; one security vendor reported more than 15,000 attack attempts targeting nearly 6,000 sites.
Anthropic’s Project Glasswing reported discovering thousands of high‑ and critical‑severity vulnerability candidates across open‑source projects. The initiative flagged 6,202 candidates as high or critical, validated 1,726 as true positives, and said 97 findings were patched upstream with 88 advisories issued.
Industry and law enforcement actions were also announced. Microsoft took action against an actor called Fox Tempest for supplying fraudulent code‑signing services used in malware distribution. U.S. and European agencies are expanding processes to surface known exploited vulnerabilities more quickly, and the U.S. Cybersecurity and Infrastructure Security Agency launched an online nomination form for known exploited vulnerabilities.
Security teams and vendors recommended that organizations rotate exposed secrets, apply vendor patches, audit developer tooling and monitor for suspicious post‑compromise activity.