Tag: GitHub Token Theft

Developer Alert: Poisoned Nx Console VS Code Extension Steals AWS, npm, and GitHub Tokens
The highly popular Nx Console extension for Visual Studio Code has been compromised via a weaponized supply-chain injection. The compromise specifically corrupted version 18.95.0, which was briefly propagated through the official Microsoft Visual Studio Marketplace. Given that the extension boasts an aggregate user base exceeding 2.2 million installations, the anomaly instantaneously triggered high-priority alarms across…

The Tag Trap: How a Single Commit Swap Turned Xygeni’s GitHub Action into a Clandestine Backdoor
An imperceptible edit to a single tag transformed a ubiquitous security auditing instrument into a clandestine backdoor. A malefactor compromised the official Xygeni GitHub Action, implanting a fully functional remote command shell capable of executing arbitrary directives upon the build servers. The savants at StepSecurity have meticulously chronicled this incident, which transpired on the 3rd…