> TritonInfoSec News
Home / May 23, 2026 / Story
0
#2 BleepingComputer general May 21, 2026 at 06:54 UTC

GitHub links repo breach to TanStack npm supply-chain attack

By Sergiu Gatlan

AI Summary

GitHub disclosed that attackers breached approximately 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, itself compromised in the broader TanStack npm supply chain attack. The incident highlights how a single poisoned developer tool can cascade into significant source code theft, with Grafana also confirming its codebase was stolen after a token from the same TanStack attack was not rotated.

Read full article → https://www.bleepingcomputer.com/news/security/git…

Relevance score: 90.0/100

# More from May 23

  1. 1
    Lawmakers Demand Answers as CISA Tries to Contain Data Leak Krebs on Security
  2. 3
    Microsoft warns of new Defender zero-days exploited in attacks BleepingComputer
  3. 4
    Drupal: Critical SQL injection flaw now targeted in attacks BleepingComputer
  4. 5
    Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access The Hacker News
  5. 6
    Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks The Hacker News
  6. 7
    Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows The Hacker News
  7. 8
    First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups The Hacker News
  8. 9
    Trend Micro warns of Apex One zero-day exploited in the wild BleepingComputer
  9. 10
    macOS Kernel Memory Corruption Exploit Schneier on Security