CISA warns that Nx Console and GitHub repositories were abused in multiple supply chain compromises – tools across enterprise, cloud, and DevOps environments exploited

  • CISA issued an alert on ongoing supply chain attacks abusing GitHub repos via a malicious Nx Console VSCode extension and the Megalodon campaign
  • Threat actors stole CI/CD secrets, cloud credentials, and tokens by poisoning workflows, prompting CISA to urge audits of contributor activity and workflow files
  • Recommended mitigations include forensic reviews, rotating/revoking all pipeline secrets, pinning trusted package versions, and delaying pulls to allow community detection

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about multiple ongoing supply chain attacks and is urging developers and open-source platform users to apply mitigations and secure their environments.

In a news alert published earlier this week, the agency warned about attacks on GitHub repos via a malicious Nx Console Visual Studio Code (VSCode) extension, as well as the Megalodon supply chain campaign. It said these attacks show “how cyber threat actors are abusing tools and processes that support enterprise, cloud, and...
