{
  "title": "Nx Console VS Code Extension Compromise",
  "summary": "On May 18, 2026, the official Nx Console VS Code extension was compromised when attackers used an OAuth token stolen in the TanStack compromise to publish malicious version v18.95.0, resulting in the theft of 3,800 internal GitHub repositories.",
  "date": "2026-05-18",
  "severity": "critical",
  "tags": [
    "vscode",
    "extension",
    "supply-chain",
    "compromise",
    "oauth",
    "teampcp"
  ],
  "sources_count": 5,
  "indicators": {
    "slug": "nx-console-extension-compromise",
    "since": "2026-05-11T19:26:00Z",
    "until": "2026-05-19T09:00:00Z",
    "ecosystem": "vs-code-extension-marketplace, open-vsx visual studio marketplace, open vsx",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [
      "nx-console"
    ],
    "versions": [
      "18.95.0",
      "Nx Console v18.95.0"
    ],
    "affectedVersions": [],
    "fixedVersions": [
      "18.100.0",
      "18.100.5"
    ],
    "files": [
      "~/.local/share/kitty/cat.py",
      "~/Library/LaunchAgents/com.user.kitty-monitor.plist",
      "/var/tmp/.gh_update_state"
    ],
    "paths": [],
    "services": [],
    "domains": [
      "sfrclak.com",
      "com.user.kitty-monitor.plist"
    ],
    "urls": [
      "https://sfrclak.com/api/v1/beacon",
      "https://nx.dev"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}