Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Rwl.angular-console (Nx Console) hit by network compromise

Incident
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

The Nx Console extension rwl.angular-console 18.95.0 was compromised on the VS Code Marketplace, exposing developers to a credential-stealing payload and supply-chain poisoning risk. The malicious update executed when a workspace opened, harvested secrets, and exfiltrated data over HTTPS, the GitHub API, and DNS tunneling. Maintainers said the root cause was a developer machine compromise that leaked GitHub credentials, and they told users to update to 18.100.0 or later after reporting that a few users were compromised. Exposure was observed during the May 18, 2026 window from 2:36 p.m. to 2:47 p.m. CEST.

Related Happenings

GitHub data exposed after GitHub breach

Data Leak
First: 20.05.2026 11:14 Last: 20.05.2026 11:14 Sources 1

About this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...

Open Happening

GitHub internal repositories private-code leak claim

Data Leak
First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

Open Happening

GitHub hit by network compromise

Incident
First: 20.05.2026 07:01 Last: 20.05.2026 07:01 Sources 1

About this happening: GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...

Latest development: 20.05.2026 13:45

GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.

Open Happening

Actions-cool/issues-helper hit by network compromise

Incident
First: 19.05.2026 08:28 Last: 19.05.2026 08:28 Sources 1

About this happening: The **actions-cool/issues-helper** GitHub Actions supply-chain compromise let malicious tags run in **CI/CD pipelines**, causing **credential theft** and downstream account risk....

Open Happening

Shai-Hulud worm clone activity on NPM

Malware Activity
First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Open Happening

Timeline

  1. 19.05.2026 10:49 2 articles · 8d ago

    Rwl.angular-console (Nx Console) hit by network compromise

    Initial Disclosure

    The compromised **rwl.angular-console 18.95.0** update entered the **VS Code Marketplace** and began running code as soon as a developer opened any workspace. That first-stage execution established the foothold for secret theft and later supply-chain abuse.

    Show sources
    Open in new tab