5:["$","main",null,{"className":"flex p-8 flex-col gap-6","children":[["$","div",null,{"className":"rounded-lg border bg-card text-card-foreground shadow-sm w-full","children":[["$","div",null,{"className":"flex flex-col space-y-1.5 p-6","children":[["$","h3",null,{"className":"font-semibold tracking-tight text-base md:text-xl","children":"Nx Console VS Code extension was the initial access vector in the GitHub breach"}],["$","div",null,{"className":"text-sm text-muted-foreground","children":["$","div",null,{"className":"grid gap-1","children":[["$","div",null,{"className":"flex gap-1","children":[["$","span",null,{"children":[6," points"]}],["$","span",null,{"children":["posted ","10 hours ago"]}]]}],["$","$Ld",null,{"href":"/user/vldszn","className":"flex gap-2 items-center text-accent-foreground hover:underline","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-user-round w-4 h-4","children":[["$","circle","1hypcn",{"cx":"12","cy":"8","r":"5"}],["$","path","rfgkzh",{"d":"M20 21a8 8 0 0 0-16 0"}],"$undefined"]}],"by ","vldszn"]}]]}]}]]}],["$","div",null,{"className":"p-6 pt-0","children":[["$","a",null,{"href":"https://twitter.com/jeffbcross/status/2057236396658811020","target":"_blank","children":["(","twitter.com",")"]}],false]}]]}],[["$","h2",null,{"className":"text-xl","children":[1," Comments"]}],["$","div",null,{"className":"space-y-4","children":[["$","article","48216615",{"className":"bg-secondary/50 text-secondary-foreground border-l border-secondary-foreground/15 px-4 pt-4 ml-0","children":[["$","div",null,{"className":"flex gap-1 items-center mb-2","children":[["$","h4",null,{"className":"font-bold","children":["$","$Ld",null,{"className":"hover:text-muted-foreground hover:underline","href":"/user/vldszn","children":"vldszn"}]}],["$","p",null,{"className":"text-muted-foreground","children":"10 hours ago"}]]}],["$","div",null,{"className":"prose-invert pb-4 break-words","dangerouslySetInnerHTML":{"__html":"

Per security advisory on GitHub:

Root Cause

One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.

Nx Console VS Code extension was the initial access vector in the GitHub breach

1 Comments

vldszn