GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack. This attack is attributed to the TeamPCP threat group and began with the compromise of dozens of TanStack and Mistral AI npm packages, then quickly extended to other projects (including UiPath, Guardrails AI, and OpenSearch) using stolen CI/CD credentials. TeamPCP was linked to other major supply c...