GitHub has revealed that attackers accessed data from around 3,800 internal repositories after compromising an employee device. The breach was traced to a poisoned version of the nrwl.angular-console Visual Studio Code extension, which is associated with the Nx Console project. GitHub has said there is no evidence that customer data outside its internal repositories was affected, though the company is still investigating and will notify customers if any impact is confirmed. The malicious extension was available for only 18 minutes on May 18, 2026, but it was enough to deliver a credential stealer targeting tools including 1Password, Anthropic Claude Code, npm and AWS. The extension behaved like the normal version while silently running a disguised shell command on startup, which downloaded hidden malware from a GitHub repository. GitHub has contained the incident, rotated critical secrets, and continues to monitor for further malicious activity. TeamPCP has claimed responsibility for t...
Related
Anthropic disables all Fable 5 and Mythos 5 model access after Trump blocks foreign access
Anthropic has suspended all access to Fable 5 and Mythos 5 after the Trump administration, through the U.S. Commerce Department, invoked national security export controls on June 1...
Meta is adding an AI assistant and a new desktop version to its Edits video editing app
Meta has previewed new updates for Edits, its video editing app, with the main additions being an upcoming AI assistant and a desktop version. The AI assistant, currently being tes...
CakewordAI
Point at anything to learn its name in any language Discussion | Link