Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers

dark6 1 June 2026

A wave of sophisticated supply chain attacks has put millions of software developers on high alert, with threat actors turning everyday developer tools into weapons for stealing credentials, cloud tokens, and source code. Two coordinated campaigns — one poisoning a popular VS Code extension and another mass-backdooring thousands of GitHub repositories — reveal how far attackers will go to compromise the software supply chain at its source.

Campaign 1: The Poisoned Nx Console VS Code Extension (CVE-2026-48027)

On May 18, 2026, a malicious version of the Nx Console VS Code extension (v18.95.0) was pushed to the VS Code Marketplace. With over 2.2 million installations, the blast radius was immediately enormous — every developer who opened a workspace with the extension installed became a potential victim.

The attacker first stole a contributor’s GitHub personal access token through a prior supply chain incident, then planted a 498 KB obfuscated JavaScript payload in a hidden orphan commit inside the official nrwl/nx repository. Using stolen publishing credentials, they injected 2,777 bytes of malicious code into the extension’s main file. When any developer opened a workspace, the payload silently ran six credential-harvesting modules targeting:

  • GitHub personal access tokens
  • AWS credentials and IAM keys
  • HashiCorp Vault secrets
  • Kubernetes configuration files
  • npm authentication tokens
  • 1Password vault contents

A Python backdoor was also installed on macOS, using the GitHub Search API as a dead-drop for signed remote commands — designed to blend malicious traffic into legitimate GitHub API calls to evade standard firewall monitoring.

The GitHub Breach: 3,800 Internal Repositories Exfiltrated

A GitHub employee’s device was among those compromised, leading to the unauthorized exfiltration of roughly 3,800 internal GitHub source code repositories. CISA published an urgent alert on May 28, 2026, assigned CVE-2026-48027 to the malicious extension, and added it to the Known Exploited Vulnerabilities catalog — stating organizations should treat any machine that ran the compromised extension as fully compromised.

Campaign 2: Operation Megalodon — 5,561 GitHub Repositories Backdoored in Six Hours

Running simultaneously, “Megalodon” pushed 5,718 malicious commits to 5,561 public GitHub repositories in six hours using throwaway accounts with forged identities like build-bot and auto-ci. Workflow names “SysDiag” and “Optimize-Build” were deliberately chosen to look like routine automation tasks.

The injected GitHub Actions workflows harvested CI/CD secrets, AWS/GCP/Azure credentials, SSH keys, and OIDC tokens. One npm package (@tiledesk/tiledesk-server v2.18.6–2.18.12) carried a targeted backdoor variant and was unknowingly published by its legitimate maintainer from the already-compromised repository.

Key Indicators of Compromise

  • CVE-2026-48027 — Malicious Nx Console v18.95.0 extension
  • VSIX SHA-256: 1a4afce34918bdc74ae3f31edaffffaa0ee074d83618f53edfd88137927340b8
  • Malicious orphan commit: 558b09d7ad0d1660e2a0fb8a06da81a6f42e06d2 in nrwl/nx
  • Remediated extension: v18.100.0 (cb86f4f223daa54467c7782a0d8607e9c84e2bb633e6f0e51d9a19579e200990)
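The version and VSIX hashes above are enough to triage a developer machine locally. The following script is an added example (not code from the article or from the Nx project): it reads the package.json of every installed VS Code extension, classifies any Nx Console install as the malicious build, the remediated release or an older build, and matches VSIX file hashes against the published SHA-256 values. It assumes the default extension layout under ~/.vscode/extensions/ and that the extension manifest's "name" is "nx-console"; adjust that constant if your install differs.

```python
"""Triage local VS Code extension installs against the Nx Console IoCs.

Added example, not the article's or the Nx project's code. Assumes the default
VS Code layout ~/.vscode/extensions/<publisher>.<name>-<version>/package.json
and a manifest "name" of "nx-console" (assumption; adjust for your install).
"""
import hashlib
import json
from pathlib import Path

# IoCs exactly as published in the article.
MALICIOUS_VERSION = "18.95.0"
MALICIOUS_VSIX_SHA256 = "1a4afce34918bdc74ae3f31edaffffaa0ee074d83618f53edfd88137927340b8"
REMEDIATED_VERSION = "18.100.0"
REMEDIATED_VSIX_SHA256 = "cb86f4f223daa54467c7782a0d8607e9c84e2bb633e6f0e51d9a19579e200990"
EXTENSION_NAME = "nx-console"  # assumed manifest name for Nx Console


def parse_version(version):
    """'18.100.0' -> (18, 100, 0); numeric compare, so 18.100.0 > 18.95.0.
    A pre-release suffix such as '-beta' is dropped before parsing."""
    return tuple(int(p) for p in version.split("-")[0].split("."))


def classify_version(version):
    """Map an installed Nx Console version to malicious / remediated / older."""
    if parse_version(version) == parse_version(MALICIOUS_VERSION):
        return "malicious"
    if parse_version(version) >= parse_version(REMEDIATED_VERSION):
        return "remediated"
    return "older"  # not the known-bad build, but below the remediated release


def sha256_bytes(data):
    """Hex SHA-256 of a byte string (used for VSIX files read into memory)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """Hex SHA-256 of a file, streamed so large VSIX archives are not loaded at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_vsix_hash(hexdigest):
    """Match a VSIX hash against the published SHA-256 IoCs (case-insensitive)."""
    table = {MALICIOUS_VSIX_SHA256: "malicious", REMEDIATED_VSIX_SHA256: "remediated"}
    return table.get(hexdigest.lower(), "unknown")


def scan_manifests(manifests):
    """Classify (name, version) pairs; only Nx Console entries are reported."""
    return [(version, classify_version(version))
            for name, version in manifests if name == EXTENSION_NAME]


def scan_extension_dir(root=Path.home() / ".vscode" / "extensions"):
    """Read every package.json under the extension root and classify Nx Console installs."""
    manifests = []
    for manifest in Path(root).glob("*/package.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or non-JSON manifest; skip it
        manifests.append((data.get("name", ""), data.get("version", "")))
    return scan_manifests(manifests)


if __name__ == "__main__":
    for version, verdict in scan_extension_dir():
        print(f"{EXTENSION_NAME} {version}: {verdict}")
```

A "malicious" verdict, or a VSIX whose hash matches the malicious value, means the host should be handled as fully compromised per the CISA guidance quoted above, not merely updated; an "older" verdict is not an IoC match but still warrants updating to the remediated release.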

Immediate Response Actions

  • Audit workflows — Review commits after May 18, 2026 for changes from automated or unfamiliar accounts
  • Rotate all credentials — API keys, cloud tokens (AWS/GCP/Azure), SSH keys, Docker/Kubernetes tokens, and developer secrets
  • Full forensic review — Organizations that ran the compromised extension must audit all CI/CD logs and cloud audit trails immediately
  • Pin dependencies — Source packages only from verified repositories at pinned, reviewed versions
  • Implement delayed pulls — CISA recommends a minimum 3-hour delay before pulling new packages to allow malicious updates to be detected
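The "audit workflows" step, combined with the Megalodon tradecraft described earlier (throwaway accounts named build-bot and auto-ci, workflows named SysDiag and Optimize-Build), can be turned into a repeatable check. The script below is an added example, not code from the article or from any affected project. It consumes a pipe-delimited commit listing (sha|author|ISO date|changed files) that you would build from `git log --format='%H|%an|%aI' --name-only`; the sample listing in the block is constructed for illustration, and the known-contributor allowlist is an assumption you must fill in for your own repository.

```python
"""Flag post-cutoff commits matching the Megalodon patterns from the article.

Added example, not the article's or any project's code. Input format and the
KNOWN_CONTRIBUTORS allowlist are assumptions; SAMPLE_LOG is constructed.
"""
from datetime import datetime, timezone

CUTOFF = datetime(2026, 5, 18, tzinfo=timezone.utc)        # review window from the article
BOGUS_ACCOUNTS = {"build-bot", "auto-ci"}                  # forged identities named in the article
SUSPICIOUS_WORKFLOW_NAMES = {"sysdiag", "optimize-build"}  # workflow names named in the article
WORKFLOW_DIR = ".github/workflows/"
KNOWN_CONTRIBUTORS = {"alice", "bob"}                      # assumption: your real maintainer list

# Constructed sample: sha|author|author-date|comma-separated changed files
SAMPLE_LOG = """\
a1b2c3d|alice|2026-05-10T09:12:00+00:00|src/server.js,package.json
b2c3d4e|build-bot|2026-05-19T03:41:00+00:00|.github/workflows/SysDiag.yml
c3d4e5f|auto-ci|2026-05-19T03:44:00+00:00|.github/workflows/Optimize-Build.yml,README.md
d4e5f6a|alice|2026-05-20T14:00:00+00:00|src/server.js
e5f6a7b|carol|2026-05-21T08:30:00+00:00|.github/workflows/release.yml
"""


def parse_log(text):
    """Parse the pipe-delimited listing into commit dicts with aware datetimes."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, author, date, files = line.split("|", 3)
        commits.append({
            "sha": sha,
            "author": author,
            "date": datetime.fromisoformat(date),
            "files": [f for f in files.split(",") if f],
        })
    return commits


def workflow_name(path):
    """'.github/workflows/SysDiag.yml' -> 'sysdiag'"""
    base = path[len(WORKFLOW_DIR):]
    return base.rsplit(".", 1)[0].lower()


def audit(commits, known=KNOWN_CONTRIBUTORS):
    """Return (sha, severity, reasons) for each commit after CUTOFF that needs review.

    high   - forged campaign identity or campaign workflow name
    medium - author not on the allowlist (any file)
    low    - allowlisted author changed a workflow file (verify with the author,
             since maintainers' own accounts and repositories were also abused)
    """
    findings = []
    for c in commits:
        if c["date"] < CUTOFF:
            continue
        reasons, severity = [], None
        if c["author"] in BOGUS_ACCOUNTS:
            reasons.append("author matches a forged Megalodon identity")
            severity = "high"
        elif c["author"] not in known:
            reasons.append("author not in the known-contributor list")
            severity = "medium"
        for wf in (f for f in c["files"] if f.startswith(WORKFLOW_DIR)):
            if workflow_name(wf) in SUSPICIOUS_WORKFLOW_NAMES:
                reasons.append(f"workflow name from the campaign: {wf}")
                severity = "high"
            else:
                reasons.append(f"workflow file changed after cutoff: {wf}")
                severity = severity or "low"
        if reasons:
            findings.append((c["sha"], severity, reasons))
    return findings


if __name__ == "__main__":
    for sha, severity, reasons in audit(parse_log(SAMPLE_LOG)):
        print(f"{sha} [{severity}] " + "; ".join(reasons))
```

On the constructed sample, the two throwaway-account commits adding SysDiag.yml and Optimize-Build.yml come out as high, the unfamiliar author touching release.yml as medium, and the pre-cutoff commit is not reported at all. In practice, run this over every repository the organization owns, not only the ones that publish packages, since the campaign targeted public repositories indiscriminately.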

These attacks signal a troubling evolution in adversary tradecraft: rather than attacking end users, threat actors are systematically targeting the tools developers trust most. Securing the software supply chain is no longer optional — it is foundational to every organization that ships or consumes software.
