Nx Console supply-chain breach exposes users

// 2h agoSECURITY INCIDENT

Nx Console supply-chain breach exposes users

Nx says a malicious v18.95.0 of its VS Code extension was briefly published through compromised maintainer credentials and then removed. The payload targeted developer machines, harvesting tokens, credentials, and files from anyone who auto-updated during the exposure window.

// ANALYSIS

This is a reminder that editor extensions are part of the trusted computing base now, and compromise there can become instant workstation compromise.

–The blast radius is unusually ugly because the malware ran on extension activation and went after `gh`, npm, cloud, vault, SSH, and 1Password material
–The incident wasn’t a generic package typo-squat; it chained an upstream dependency compromise into maintainer token theft and then marketplace publishing
–The narrow version window matters, but auto-update turned a short-lived release into a real-world exposure event
–For teams, the lesson is blunt: lock down publisher workflows, harden local dev credentials, and assume editor extensions deserve the same scrutiny as production dependencies

// TAGS

nx-consolesecurityidedevtoolautomation

DISCOVERED

2h ago

2026-05-22

PUBLISHED

2h ago

2026-05-22

RELEVANCE

8/ 10

AUTHOR

The PrimeTime

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

NEWS1h ago

Google’s WebMCP turns browser agents into tool callers

WebMCP is Google’s proposed web standard for exposing structured tools to AI agents through JavaScript and annotated HTML forms. It is meant to give browser agents a reliability layer so they can invoke declared actions instead of inferring intent from pixels, with a Chrome flag available for local development and an origin trial planned for Chrome 149.

MODEL1h ago

Gemini Omni adds conversational video generation, editing

Google’s Gemini Omni is a multimodal video model that can generate and edit video from text, images, audio, and video inputs. The big shift is conversational, step-by-step editing with stronger scene consistency and reference-based creation.

LAUNCH1h ago

LobeHub says coordination beats model quality

LobeHub is positioning itself as a Chief Agent Operator for multi-agent work: you give it a high-level goal, and it coordinates specialized agents, routes work across models, and surfaces only the decisions that need human input. The pitch is less “another chatbot” and more an orchestration layer for long-running, heterogeneous AI workflows, with open-source/self-hosted deployment and integration into the channels teams already use.