The Nx Console supply chain compromise represents one of the most dangerous attacks on developer tooling in recent memory. A malicious version of the Nx Console Visual Studio Code extension was published to official marketplaces on May 18, 2026, targeting developers across enterprise, cloud, and DevOps environments.
Key Takeaways
- Malicious Nx Console v18.95.0 was a multi-stage credential stealer distributed via official VS Code and Open VSX marketplaces
- The payload harvested tokens and secrets from GitHub, npm, AWS, HashiCorp Vault, Kubernetes, and 1Password
- Update immediately to v18.100.0 or later; thousands of users were affected despite low official download counts
- Kill any running __DAEMONIZED and cat.py processes and rotate all credentials accessible from affected machines
- CISA added the incident to its Known Exploited Vulnerabilities catalog, signaling urgent remediation needs
How the Nx Console Supply Chain Compromise Unfolded
The Nx Console supply chain compromise exploited trust in a legitimate developer tool distributed through trusted marketplaces. The malicious extension functioned as a multi-stage credential stealer designed to extract secrets from the entire developer ecosystem. What made this attack particularly dangerous was its targeting of high-value credentials—not just GitHub tokens, but AWS keys, npm secrets, Kubernetes configs, HashiCorp Vault access, and 1Password vaults. The payload used multiple exfiltration channels including HTTPS, the GitHub API, and DNS tunneling to avoid detection.
The attack demonstrated sophisticated persistence mechanisms. On macOS, the payload deployed a persistent Python backdoor and used the GitHub Search API as a dead-drop for commands signed with a 4096-bit RSA key. On Linux systems, the malicious code attempted sudoers injection to maintain root-level access. This multi-layered approach meant that even detecting the initial infection would not necessarily stop the attacker’s access to the compromised machine.
The Scale and Impact of the Nx Console Breach
GitHub’s initial advisory suggested the impact was limited based on official marketplace download statistics. The malicious version 18.95.0 showed only 28 downloads on Microsoft’s marketplace and 41 on Open VSX. However, GitHub’s internal analytics painted a far grimmer picture—the company estimated thousands of affected users despite the low public download counts. One incident report cited more than 3,800 internal repositories compromised in a single account. The discrepancy between public download numbers and actual impact underscores how supply chain attacks can spread through enterprise environments in ways that official marketplace metrics fail to capture.
The threat was severe enough to warrant inclusion in CISA’s Known Exploited Vulnerabilities catalog, linking it to CVE-2026-45321 (CVSS 9.6) and CVE-2026-48027 (CVSS 9.3). These critical severity ratings reflected the breadth of systems the payload could compromise and the depth of access it could achieve.
Immediate Actions for Affected Organizations
The remediation guidance for the Nx Console supply chain compromise is aggressive and comprehensive. First priority: update Nx Console to version 18.100.0 or later. However, updating alone is insufficient. Users must actively kill any running __DAEMONIZED and cat.py processes, which actively attempt credential exfiltration even after the extension is updated. The next step requires rotating every credential reachable from the affected machine—secrets stored on disk, environment variables, and any credentials that could have been minted by the compromised system.
Beyond the workstation itself, organizations must audit GitHub logs for suspicious activity. Search for workflow-run deletions, unexpected repository creation, token creation, SSH key additions, OAuth app authorizations, membership changes, repository transfers, and Actions workflow modifications. Inspect repositories for unauthorized commits or force pushes, particularly changes under .github/workflows/. Remove persistence artifacts including macOS LaunchAgent plist files and associated backdoor files. In the most severe cases, consider a full rebuild of affected developer machines.
How Nx Hardened Its Release Pipeline
The Nx maintainers responded to the Nx Console supply chain compromise by implementing multiple layers of protection in their publishing pipeline. The most critical change: requiring two admins to manually approve every release, eliminating single points of failure. They also adopted GitHub Actions environments with required reviewers, where the reviewer cannot be the same person who triggered the workflow. Additionally, the maintainers added monitoring of the GitHub audit log and pinned GitHub Action SHAs instead of using floating refs, making it harder for attackers to inject malicious steps.
Jeff Cross, speaking on behalf of the Nx team, stated that the incident highlighted fundamental gaps in how developer tooling and open source distribution are secured. The postmortem revealed that the attack succeeded because the publishing process lacked human oversight at critical stages. While the hardening measures address those gaps, they also highlight a broader industry problem: most open source projects lack the resources and processes to match enterprise-grade security controls.
Broader Context: Extension Marketplace Risk
The Nx Console supply chain compromise is not an isolated incident but part of a larger trend of compromised developer tools. Reporting on the breach connected it to a separate supply-chain compromise at TanStack, indicating multiple related campaigns targeting the developer ecosystem. The root cause of this vulnerability class is architectural: auto-update is enabled by default in major extension ecosystems like VS Code and Cursor. Developers receive updates silently without explicit approval, trusting that marketplace vetting prevents malicious code. This trust, once broken, becomes a liability.
Unlike traditional software distribution, where a single malicious release might affect thousands of users over weeks, extension marketplaces distribute updates automatically to millions of machines in hours. The Nx Console supply chain compromise demonstrated that even low official download counts can mask widespread real-world impact, because enterprise deployments often use internal package mirrors or air-gapped updates that marketplace analytics cannot track.
What the Nx Console Incident Means for DevOps Security
The Nx Console supply chain compromise exposes a critical vulnerability in how organizations manage developer tool supply chains. Enterprise, cloud, and DevOps environments rely on tools like Nx Console to orchestrate builds, deployments, and infrastructure changes. A compromise at this layer gives attackers access not just to source code repositories but to deployment credentials, cloud keys, and secrets-management systems. The payload’s targeting of Kubernetes configs and HashiCorp Vault access means that a single compromised workstation could become a springboard for lateral movement across an entire cloud infrastructure.
Organizations cannot prevent supply chain compromises entirely, but they can limit blast radius. The most important controls are credential segregation (limiting what any single tool can access), audit logging (detecting suspicious activity), and rapid credential rotation (reducing the window of compromise). The Nx incident reinforces that trusting a tool’s official distribution channel is not enough—continuous monitoring of that tool’s behavior is essential.
Should you update Nx Console immediately?
Yes. If you are running Nx Console version 18.95.0 or earlier, update to 18.100.0 or later without delay. Even if you believe your machine was not compromised, the payload may have exfiltrated credentials that are now in an attacker’s hands. After updating, kill any __DAEMONIZED and cat.py processes and rotate all secrets.
What should I check if I used the malicious Nx Console version?
Review your GitHub audit logs for unexpected activity including workflow deletions, repository creation, token generation, SSH key additions, and OAuth authorizations. Check for unauthorized commits or force pushes in your repositories, especially in .github/workflows/ directories. Look for indicator files such as kitty/cat.py, com.user.kitty-monitor.plist, .gh_update_state, and bun.exe in unusual locations. If you find any of these, assume all credentials accessible from that machine have been compromised and rotate them immediately.
How can organizations prevent similar supply chain compromises?
Require human approval for every release in your publishing pipeline, ensure different people review and approve changes, monitor your audit logs for suspicious activity, and pin external dependencies to specific versions rather than using floating refs. Beyond tooling, implement credential segregation so that no single tool has access to all your secrets, and maintain detailed audit logs of what each tool accesses. These controls will not prevent compromises, but they will detect them faster and limit their scope.
The Nx Console supply chain compromise demonstrates that developer tools are now high-value targets for attackers. A single compromised extension can reach thousands of machines and extract credentials from multiple systems simultaneously. Organizations that treat their developer tool supply chain as a critical security boundary—monitoring, auditing, and rapidly responding to incidents—will survive these attacks. Those that do not will face the consequences of a breach that touches their entire infrastructure.
Edited by the All Things Geek team.
Source: TechRadar
