Find notable cyber news and cases, enriched with sources, timelines, and signals.

Rwl.angular-console (Nx Console) hit by network compromise

Incident
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

The Nx Console extension rwl.angular-console 18.95.0 was compromised on the VS Code Marketplace, exposing developers to a credential-stealing payload and supply-chain poisoning risk. The malicious update executed when a workspace opened, harvested secrets, and exfiltrated data over HTTPS, the GitHub API, and DNS tunneling. Maintainers said the root cause was a developer machine compromise that leaked GitHub credentials, and they told users to update to 18.100.0 or later after reporting that a few users were compromised. Exposure was observed during the May 18, 2026 window from 2:36 p.m. to 2:47 p.m. CEST.

Related Happenings

GitHub npm GAT publish-token mitigation guidance

Advisory/Mitigation
H score25 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
H score27 First: 07.07.2026 17:04 Last: 07.07.2026 17:04 Sources 1

About this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...

Codfish/semantic-release-action hit by network compromise

Incident
H score21 First: 26.06.2026 14:05 Last: 26.06.2026 14:05 Sources 1

About this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...

GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows

Security Tool/Service
H score11 First: 23.06.2026 17:22 Last: 23.06.2026 17:22 Sources 1

About this happening: GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...

Visual Studio Code VS Code token-theft zero-day security flaw

Vulnerability
H score44 First: 03.06.2026 09:50 Last: 03.06.2026 09:50 Sources 1

About this happening: A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...

Latest development: 03.06.2026 15:58

Microsoft has acknowledged a Visual Studio Code vulnerability that can let an attacker use a crafted link and malicious webview message-passing to steal a victim's GitHub OAuth token via GitHub.dev, and said it is working on a fix; Microsoft also said the issue does not affect VS Code Desktop.

Timeline

  1. 19.05.2026 10:49 2 articles · 1mo ago

    Rwl.angular-console (Nx Console) hit by network compromise

    Initial Disclosure

    The compromised **rwl.angular-console 18.95.0** update entered the **VS Code Marketplace** and began running code as soon as a developer opened any workspace. That first-stage execution established the foothold for secret theft and later supply-chain abuse.

    Show sources