In May 2026, a trojanized version of the Nx Console extension for Visual Studio Code was published, leading to a breach at GitHub that exposed approximately 3,800 internal repositories. The attackers utilized a stolen credential to publish the malicious extension, which was available for about 18 minutes before being removed. The payload, which targeted sensitive information such as GitHub credentials and AWS keys, was small and designed to evade detection. While GitHub claimed no evidence of public repository compromise, the incident underscores significant vulnerabilities in Microsoft's ecosystem, particularly within the Visual Studio Marketplace and VS Code's auto-update feature. Microsoft reported only 28 installs of the malicious extension, contrasting sharply with Nx's analytics, which indicated around 6,000 activations. This breach highlights ongoing security challenges in software development, reflecting a pattern of supply-chain attacks that have previously affected multiple organizations, including OpenAI and Grafana Labs. Despite Microsoft's efforts to enhance marketplace security, the incident reveals that known vulnerabilities remain unaddressed, raising concerns about the integrity of the entire software development stack.