Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > CVE-2026-48027
#CVE-2026-48027

Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers

1 June 2026  |  dark6  |  Cybercrime

Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously, stealing cloud credentials and 3,800 internal GitHub source...

>> read more