Skip to main content

Tag: github breach

7 articles

Cluttered developer workstation with laptop, monitor, and notes, VS Code on screen.

Linux Flaws Expose Critical Infrastructure to Root Command Execution

GitHub confirmed that a compromised employee device, infected by a poisoned Nx Console VS Code extension, led to the theft of around 3,800 internal repositories, sparking swift action to contain the breach and protect sensitive data. The incident highlights the vulnerability of even the most secure systems to supply chain attacks.

Analyst 207
Blurred developer workstation with laptop, smartphone, and tablet nearby.

GitHub Breach Exposes 3,800 Repos to TanStack Supply-Chain Attack

A single malicious Visual Studio Code extension, Nx Console version 18.95.0, was enough to spark a GitHub breach that exposed 3,800 internal repositories to a TanStack supply-chain attack. The poisoned extension was live on marketplaces for just 54 minutes, but long enough to steal credentials from a developer's machine.

Analyst 207
Developer workstation with laptop, coding tools, and scattered papers.

GitHub Breach Exposes 3,800 Repositories via Malicious VS Code Extension

GitHub's security chief confirms that customer data remains safe, with no evidence of impact outside of GitHub's internal repositories. The breach originated from a poisoned VS Code extension installed on a compromised employee device, allowing attackers to steal credentials.

Analyst 207
Developer workstation with laptop, monitor, and office supplies in a neutral background.

GitHub Breach Exposes 3800 Internal Repositories to Malicious VS Code Extension

GitHub's security team swiftly contained a breach that exposed 3,800 internal repositories to a malicious VS Code extension, and immediately took action to prevent further damage. The company has completed critical secret rotations and is now meticulously analyzing logs to ensure the incident is fully resolved.

Analyst 207
Developer workstation with laptop, monitor, and coding tools in a modern office space.

GitHub Breach Exposes 3,800 Repos via Malicious VSCode Extension

GitHub recently uncovered a sneaky attack involving a tainted VS Code extension that compromised an employee's device, putting 3,800 repositories at risk. The breach was quickly contained, but not before some internal repositories were exfiltrated.

Analyst 207
Laptop screen displays GitHub repository page on a clean workspace surface.

Grafana GitHub Breach Exposes Source Code in TanStack npm Attack

Grafana Labs recently reported a security breach that exposed source code and internal data, but fortunately, there's no evidence that customer production systems were compromised. The breach, detected on May 11, was confined to the company's GitHub environment and involved both public and private source code and internal repositories.

Analyst 207
Cluttered developer workstation with laptop and papers, symbolizing a coding environment.

Grafana Labs Hit by GitHub Breach, Code Stolen in Ransom Demand

Grafana Labs sprang into action after a security breach at GitHub compromised its code, swiftly invalidating leaked credentials and bolstering defenses to prevent further unauthorized access. The company quickly responded to the breach, taking crucial steps to safeguard its environment.

Analyst 207