The information is spread out across various articles, but from what I gather, a supply chain attack compromised the VS Code extension nx-console, which was then used to compromise Github. This all happened within two days.

Info on the Github attack:

• https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/
• https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/

Info about the nx-console attack:

• https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised