The compromise window for the trojanized Nx Console extension was only 18 minutes, but that was enough for one GitHub employee’s VS Code update to harvest tokens, SSH keys and AI-tooling credentials.
The campaign did not start there: TeamPCP had already poisoned TanStack packages and later pushed malicious durabletask releases to PyPI, showing a worm-like attack path through trusted developer tools.
For AI companies the damage is broader than ordinary source-code theft because build scripts, evaluation tools and agent credentials can reveal how model systems are trained, tested and protected.
Sources: The Hacker News, Help Net Security, Phoenix Security, Notebookcheck, Tech Times; CocoLoop