
Programmer’s Digest #185

05/13/2026-05/20/2026 GitHub Breached, Nx Console VS Code Extension Compromised, Leaked Shai-Hulud Malware Fuels New npm Infostealer Campaign And More.

1. GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub is investigating unauthorized access to its internal repositories after threat actor TeamPCP listed the platform’s source code for sale on a cybercrime forum for at least $50,000, claiming to have around 4,000 repositories. GitHub traced the breach to a compromised employee device infected via a poisoned Visual Studio Code extension. The company has since rotated critical credentials and confirmed the attack affected only internal repositories, with no evidence of customer data exposure.

Meanwhile, TeamPCP’s self-replicating malware campaign has expanded to compromise durabletask, Microsoft’s official Python client for the Durable Task framework. Three malicious versions (1.4.1–1.4.3) were published to PyPI after attackers stole credentials from a previously compromised GitHub account. The embedded malware targets cloud credentials, password managers, SSH keys, and developer tools, and can propagate across AWS EC2 instances and Kubernetes clusters. The package receives roughly 417,000 monthly downloads, and any system that installed an affected version should be considered fully compromised.

2. Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

On May 19, 2026, Grafana Labs said its recent breach was limited to its GitHub environment and did not affect customer production systems or operations. The stolen data included source code, internal repositories, and some business contact information, but no customer production or Grafana Cloud data. The company said the breach stemmed from the TanStack npm supply chain attack linked to TeamPCP, which also impacted OpenAI and Mistral AI. Grafana detected the activity on May 11, but a GitHub workflow token that was missed during the initial cleanup later allowed the attackers to reach additional repositories. After receiving an extortion demand on May 16, Grafana refused to pay, citing no guarantee that the stolen data would be deleted. The company has since rotated tokens, increased monitoring, audited commits, and strengthened its GitHub security measures.

3. DirtyDecrypt: PoC Released For Yet Another Linux Flaw

DirtyDecrypt (CVE-2026-31635) is a newly publicized Linux kernel local privilege escalation flaw with a working PoC already on GitHub. The bug stems from a missing copy-on-write guard in rxgk_decrypt_skb(), allowing attackers to write directly into shared page-cache memory — potentially corrupting /etc/shadow, /etc/sudoers, or SUID binaries to gain root.

Only kernels built with CONFIG_RXGK enabled (the RxGK security class of the AF_RXRPC socket family) are affected; that includes Fedora, Arch, and openSUSE Tumbleweed, while standard Ubuntu and Debian kernels are not. In Kubernetes environments, the flaw could enable container escape, since the page cache is shared with the host.

DirtyDecrypt is part of a growing family of related page-cache write vulnerabilities, alongside Copy Fail, Dirty Frag, and Fragnesia. Two other recent Linux flaws round out a busy few weeks: Pack2TheRoot (CVE-2026-41651, CVSS 8.8) targeting PackageKit, and ssh-keysign-pwn (CVE-2026-46333), which lets unprivileged users read root SSH keys.

Patches are available — apply them promptly, as a public PoC significantly shortens the exploitation window.
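Because exposure to DirtyDecrypt hinges on one build option, the first triage step is to check the running kernel's config rather than guess from the distribution name. The following is an added example, not code from the digest or the PoC; it assumes the usual config locations (/proc/config.gz or /boot/config-$(uname -r)) and takes a path argument so it can also be run against a saved config file. The sample configs it writes are constructed for demonstration.

```shell
#!/bin/sh
# Added example: is this kernel build in scope for DirtyDecrypt (CVE-2026-31635)?
# The bug lives in the RxGK code, so only kernels with CONFIG_RXGK=y or =m
# carry it. Takes a config file path (plain or gzip-compressed).

# Returns 0 if the config enables RXGK (built-in "y" or module "m"), 1 otherwise.
rxgk_enabled() {
    { case "$1" in
        *.gz) zcat "$1" ;;
        *)    cat "$1" ;;
      esac; } | grep -Eq '^CONFIG_RXGK=[ym]$'
}

# Locate the running kernel's config; prints the path, or nothing if unknown.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        echo /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    fi
}

# Human-readable verdict for one config file.
report() {
    if rxgk_enabled "$1"; then
        echo "$1: CONFIG_RXGK enabled -> DirtyDecrypt in scope, patch now"
    else
        echo "$1: CONFIG_RXGK not enabled -> not affected by this bug"
    fi
}

# Constructed sample configs (not real distro configs) for an offline run.
tmpdir=$(mktemp -d)
printf 'CONFIG_AF_RXRPC=m\nCONFIG_RXGK=y\n' > "$tmpdir/config-rxgk"
printf 'CONFIG_AF_RXRPC=m\n# CONFIG_RXGK is not set\n' > "$tmpdir/config-plain"
report "$tmpdir/config-rxgk"
report "$tmpdir/config-plain"
rm -rf "$tmpdir"

# Then the machine you are actually standing on, if its config is readable.
cfg=$(running_kernel_config)
[ -n "$cfg" ] && report "$cfg"
```

A "not set" result only rules out this one bug; the related page-cache write flaws named above (Copy Fail, Dirty Frag, Fragnesia) do not depend on RxGK, so the patch advice stands regardless.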

4. Nx Console VS Code Extension Compromised to Steal Developer and Cloud Secrets

Version 18.95.0 of the Nx Console VS Code extension (2.2M+ installs) was compromised on May 18, 2026, after attackers used stolen publishing credentials to push a malicious update to the official Marketplace. The extension was live for just 11 minutes before removal, but any developer who opened a workspace between 12:36–12:47 UTC should consider all credentials on that machine compromised.

The attack was a multi-stage supply chain operation. A contributor’s GitHub token — stolen in an earlier incident — was used to push a hidden orphan commit containing an obfuscated 498 KB payload. Once triggered, it harvested credentials from GitHub, AWS, npm, HashiCorp Vault, Kubernetes, 1Password, and notably Claude Code config files. Data was exfiltrated via HTTPS, GitHub API, and DNS tunneling simultaneously. On macOS, a persistent hourly Python backdoor was installed.

Developers should update to v18.100.0 or later, remove the macOS backdoor script (~/.local/share/kitty/cat.py) together with the persistence entry that runs it hourly, and immediately rotate every token, SSH key, and secret that was reachable from the affected machine.
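Two items in this digest reduce to the same check on a developer machine: is a known-bad version of a named package installed? The script below is an added example covering both the malicious durabletask releases (1.4.1 to 1.4.3) from item 1 and the compromised Nx Console release (18.95.0) from this item, plus the backdoor path the digest names. It is not code from either project or from the digest. Assumptions: the Nx Console Marketplace identifier is `nrwl.angular-console`, `pip show` prints a `Version:` line, and `code --list-extensions --show-versions` prints `publisher.name@version`; the version-matching functions take the version string as an argument so they can be checked against constructed input.

```shell
#!/bin/sh
# Added example (not from the digest, durabletask, or Nx Console): triage a
# developer host for the two known-bad package versions and the backdoor path.

# durabletask on PyPI: exactly the three malicious releases are bad.
durabletask_affected() {
    case "$1" in
        1.4.1|1.4.2|1.4.3) return 0 ;;
        *) return 1 ;;
    esac
}

# Nx Console VS Code extension: the single compromised release.
nx_console_affected() {
    [ "$1" = "18.95.0" ]
}

# macOS backdoor dropper path named in the digest, relative to a home
# directory (parameterised so it can be checked against a constructed tree).
nx_backdoor_present() {
    [ -f "$1/.local/share/kitty/cat.py" ]
}

# Collectors: print the installed version, or nothing if not installed.
installed_pip_version() {
    pip show "$1" 2>/dev/null | sed -n 's/^Version: //p'
}
installed_vscode_ext_version() {
    # Assumption: `code --list-extensions --show-versions` prints id@version.
    code --list-extensions --show-versions 2>/dev/null | sed -n "s/^$1@//p"
}

# Run the triage against this machine.
v=$(installed_pip_version durabletask)
if [ -n "$v" ] && durabletask_affected "$v"; then
    echo "durabletask $v installed: treat this host and every credential on it as compromised"
fi

# Assumption: nrwl.angular-console is the Marketplace ID of Nx Console.
v=$(installed_vscode_ext_version nrwl.angular-console)
if [ -n "$v" ] && nx_console_affected "$v"; then
    echo "Nx Console $v installed: update to 18.100.0+ and rotate all secrets"
fi

if nx_backdoor_present "$HOME"; then
    echo "backdoor dropper present at $HOME/.local/share/kitty/cat.py"
fi
```

A clean result from the version checks does not clear a machine that ran the bad extension during the 11-minute window and has since updated; the credential rotation in the digest applies to that case too.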

5. Leaked Shai-Hulud Malware Fuels New npm Infostealer Campaign

Following last week’s Shai-Hulud source code leak, copycat attackers have already deployed it on npm. A threat actor using the account deadcode09284814 published four malicious packages over the weekend, targeting developers via typosquatting on popular libraries like Axios:

  • chalk-tempalte – unobfuscated Shai-Hulud clone (credential/crypto stealer)
  • @deadcode09284814/axios-util – credential and cloud config stealer
  • axois-utils – infostealer + persistent DDoS botnet (“phantom bot”)
  • color-style-utils – basic infostealer targeting crypto wallets

Researchers at OXsecurity confirmed the chalk-tempalte package is the first documented Shai-Hulud clone on npm, though it’s unsophisticated — an unmodified copy with no obfuscation. Stolen data is exfiltrated to a C2 server and uploaded to auto-generated public GitHub repositories. The axois-utils package adds HTTP, TCP, and UDP flood capabilities on top of standard credential theft.

The four packages had a combined 2,678 downloads. Developers should remove any affected packages immediately and rotate all credentials and API keys.
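The remediation for this item is to find and remove the four named packages wherever they were pulled in. The following is an added example, not code from the digest or from the researchers who reported the campaign; it scans package.json and package-lock.json files for the four names. It assumes the npm lockfile v2/v3 layout, where installed packages appear as `"node_modules/<name>"` keys, and matches the quoted name so that the legitimate `axios` and `chalk-template` packages are not flagged. The sample project it creates is constructed for demonstration.

```shell
#!/bin/sh
# Added example: scan npm manifests for the four malicious packages named
# in the Shai-Hulud copycat campaign. Not part of the digest or any vendor tool.

BAD_PACKAGES='chalk-tempalte @deadcode09284814/axios-util axois-utils color-style-utils'

# Prints a line per hit and returns 0 if the file references any bad package.
# Matches the quoted name as a JSON key, which covers both a dependency entry
# ("axois-utils": "^1.0.2") and a lockfile path ("node_modules/axois-utils").
scan_manifest() {
    file="$1"
    found=1
    for pkg in $BAD_PACKAGES; do
        if grep -Eq "\"(node_modules/)?$pkg\"" "$file"; then
            echo "$file: references $pkg"
            found=0
        fi
    done
    return $found
}

# Scan every package.json and package-lock.json under a directory. node_modules
# trees are pruned; the lockfile already records what was installed.
scan_tree() {
    out=$(find "$1" -name node_modules -prune -o \
               \( -name package.json -o -name package-lock.json \) -print |
          while IFS= read -r f; do scan_manifest "$f" || true; done)
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Constructed sample project: a legitimate axios dependency next to the
# axois-utils typosquat.
tmpdir=$(mktemp -d)
mkdir -p "$tmpdir/app"
cat > "$tmpdir/app/package.json" <<'EOF'
{ "name": "demo", "dependencies": { "axios": "^1.7.0", "axois-utils": "^1.0.2" } }
EOF
cat > "$tmpdir/app/package-lock.json" <<'EOF'
{ "lockfileVersion": 3, "packages": {
  "node_modules/axios": { "version": "1.7.9" },
  "node_modules/axois-utils": { "version": "1.0.2" } } }
EOF
scan_tree "$tmpdir" || echo "no malicious packages referenced"
rm -rf "$tmpdir"
```

A hit means the package was resolved into the project; removing the dependency entry is not enough, since the install scripts already ran, so the credential rotation above still applies.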

6. Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Several major vendors have shipped critical security patches this week:

  • Ivanti fixed CVE-2026-8043 (CVSS 9.6) in Xtraction, allowing remote authenticated attackers to read sensitive files and write arbitrary HTML, enabling information disclosure and client-side attacks.
  • Fortinet patched two CVSS 9.1 flaws: CVE-2026-44277 in FortiAuthenticator and CVE-2026-26083 in FortiSandbox/Cloud/PaaS, both allowing unauthenticated remote code execution via crafted requests.
  • SAP addressed two CVSS 9.6 vulnerabilities: an SQL injection in S/4HANA (CVE-2026-34260) exposing sensitive data, and a missing authentication check in SAP Commerce Cloud (CVE-2026-34263) enabling unauthenticated arbitrary code execution via malicious configuration upload.
  • VMware Fusion received a fix for CVE-2026-41702 (CVSS 7.8), a TOCTOU vulnerability in a SETUID binary enabling local privilege escalation to root, addressed in version 26H1.
  • n8n patched five CVSS 9.4 RCE vulnerabilities (CVE-2026-42231 through CVE-2026-44791) involving prototype pollution via XML parsing, HTTP pagination parameters, and Git CLI flag injection — all fixed in versions 1.123.43, 2.20.7, and 2.22.1.