Rwl.angular-console (Nx Console) hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The Nx Console extension rwl.angular-console 18.95.0 was compromised on the VS Code Marketplace, exposing developers to a credential-stealing payload and supply-chain poisoning risk. The malicious update executed when a workspace opened, harvested secrets, and exfiltrated data over HTTPS, the GitHub API, and DNS tunneling. Maintainers said the root cause was a developer machine compromise that leaked GitHub credentials, and they told users to update to 18.100.0 or later after reporting that a few users were compromised. Exposure was observed during the May 18, 2026 window from 2:36 p.m. to 2:47 p.m. CEST.
Related Happenings
GitHub npm GAT publish-token mitigation guidance
Advisory/Mitigation
H score25
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
GitHub npm GAT publish-token mitigation guidance
Advisory/MitigationAbout this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
GitHub Agentic Workflows indirect prompt injection security flaw
Vulnerability
H score27
First: 07.07.2026 17:04
Last: 07.07.2026 17:04
Sources 1
About this happening:
**GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
GitHub Agentic Workflows indirect prompt injection security flaw
VulnerabilityAbout this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
Codfish/semantic-release-action hit by network compromise
Incident
H score21
First: 26.06.2026 14:05
Last: 26.06.2026 14:05
Sources 1
About this happening:
The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
Codfish/semantic-release-action hit by network compromise
IncidentAbout this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/Service
H score11
First: 23.06.2026 17:22
Last: 23.06.2026 17:22
Sources 1
About this happening:
GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/ServiceAbout this happening: GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
Visual Studio Code VS Code token-theft zero-day security flaw
Vulnerability
H score44
First: 03.06.2026 09:50
Last: 03.06.2026 09:50
Sources 1
About this happening:
A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...
Visual Studio Code VS Code token-theft zero-day security flaw
VulnerabilityAbout this happening: A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...
Latest development: 03.06.2026 15:58
Microsoft has acknowledged a Visual Studio Code vulnerability that can let an attacker use a crafted link and malicious webview message-passing to steal a victim's GitHub OAuth token via GitHub.dev, and said it is working on a fix; Microsoft also said the issue does not affect VS Code Desktop.
Timeline
-
19.05.2026 10:49 2 articles · 1mo ago
Rwl.angular-console (Nx Console) hit by network compromise
Initial DisclosureThe compromised **rwl.angular-console 18.95.0** update entered the **VS Code Marketplace** and began running code as soon as a developer opened any workspace. That first-stage execution established the foothold for secret theft and later supply-chain abuse.
Show sources
- Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer — thehackernews.com — 19.05.2026 10:49
- Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer — thehackernews.com — 19.05.2026 10:49