https://cybercrime.club/tags/credential-stealer/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usWed, 20 May 2026 07:14:38 -0400https://cybercrime.club/posts/nx-console-vscode-extension-supply-chain-orphan-commit-stealer/Wed, 20 May 2026 07:14:38 -0400https://cybercrime.club/posts/nx-console-vscode-extension-supply-chain-orphan-commit-stealer/A compromised Nx Console 18.95.0 extension pulled a 498 KB stealer from an orphan commit in the official nrwl/nx repo, harvesting GitHub, npm, AWS and Vault secrets — and shipped tooling to forge signed npm provenance.supply-chain