Nx Console 18.95.0 fetched a 498 KB stealer via GitHub orphan commit, exposing developer secrets and forcing credential rotation.

Nx Console 18.95.0 fetched a 498 KB stealer via GitHub orphan commit, exposing developer secrets and forcing credential rotation.

GitHub lost 3,800 internal repos after poisoned Nx Console update exposed developer credentials and supply-chain risk.

Attackers took over the publisher token for Nx Console, which has about 2.2 million installs. They...