- cross-posted to:
- technology@lemmy.world
The information is spread out across various articles, but from what I gather, a supply chain attack compromised the VS Code extension nx-console, which was then used to compromise GitHub. This all happened within two days.
Info on the GitHub attack:
- https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/
- https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
Info about the nx-console attack:


I suppose that part of the moral here is to compartmentalize information internal to a company. Like, if you’re not on the team working on X, then you probably shouldn’t have repository access to X.