The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on May 28, 2026, confirming that a coordinated supply chain attack has poisoned the wellspring of modern software development—Visual Studio Code extensions and GitHub Actions workflows. This dual-pronged assault leverages a trojanized version of the popular Nx Console extension and a separate campaign named Megalodon that exploits unauthorized repository access to inject malicious GitHub Actions workflows. The result is a deep compromise of build systems that threatens to ripple across the software ecosystem.

CISA’s advisory came after multiple reports of tampered software builds and anomalous behavior traced back to developer environments. The agency’s alert underscores a dangerous escalation in supply chain threats, where attackers are moving beyond traditional dependencies and directly into the tools developers use daily.

The Poisoned VS Code Extension

The malicious extension at the center of the alert is Nx Console, a widely adopted tool that provides a graphical interface for Nx monorepo operations directly inside VS Code. Nx, developed by Nrwl, is used by thousands of enterprise teams for projects built with Angular, React, and Node.js. The extension streamlines tasks like generating code, running tests, and building applications. Because it operates with user permissions and interacts closely with development pipelines, it became an attractive target.

Attackers managed to publish a compromised version of Nx Console to the Visual Studio Code Marketplace. Initial investigation suggests that the threat actor either gained access to the publisher’s credentials or exploited a vulnerability in the extension’s update mechanism. Once installed, the malicious code sat dormant until a victim opened a workspace, at which point it exfiltrated environment variables, SSH keys, and .gitconfig files. More critically, it silently modified Nx workspace configurations and injected extra build steps into local CI scripts. Those changes were then pushed to shared repositories, spreading the infection to other team members and their build systems.

This isn’t the first time VS Code extensions have been weaponized. In 2021, a fake ESLint extension garnered over 45,000 installs before being removed after researchers discovered it was stealing credentials. The Nx Console attack is more insidious because it targets a trusted, widely used utility and couples credential theft with pipeline manipulation.

Megalodon: A Workflow Attack

Simultaneously, CISA reported a campaign dubbed “Megalodon” that directly targets GitHub Actions, the popular CI/CD platform integrated into GitHub repositories. Attackers used stolen personal access tokens, compromised third-party integrations, or insider access to push commits that introduced malicious workflows into thousands of repositories.

These workflows, written in YAML, are executed on GitHub-hosted runners whenever specific events occur, such as a push to the main branch or a pull request. The Megalodon payloads included steps that leaked repository secrets to attacker-controlled servers, injected backdoors into compiled artifacts, and exfiltrated source code. In some cases, the rogue workflows modified other workflows, creating a self-propagation mechanism that spread across forks and dependent projects.

One hallmark of the Megalodon campaign was its use of “repo-jacking”—taking over renamed repositories to hijack the dependencies of existing workflows. By claiming a namespace of a popular action that had been retired or renamed, attackers could silently swap legitimate actions with their malware-infested versions. This technique, known for years, remains a viable attack vector because many workflows pin actions by a mutable reference like a branch name instead of a specific commit hash.

CISA’s Response and Industry Impact

The CISA advisory includes indicators of compromise (IOCs) for both threats and recommends immediate auditing of all VS Code extensions and GitHub Actions used in an organization. The agency also urges developers to enable branch protection rules, require commit signing, and adopt the principle of least privilege for CI/CD tokens.

Reaction from major technology firms was swift. Microsoft and GitHub jointly issued a statement confirming they were working with CISA to remove the malicious extension versions and disable the rogue actions. Nrwl released an urgent patch and a tool to scan for signs of compromise in Nx workspaces. Meanwhile, security teams at companies like Google, Amazon, and various defense contractors scrambled to audit their codebases and reset credentials exposed during the attack window.

The financial and operational toll is still being calculated. Because both attacks target build systems, the downstream effects could manifest weeks or even months later when compromised artifacts are integrated into production environments. Supply chain attacks have already been labeled by Gartner as the number one risk to software integrity, and this incident reinforces that assessment.

The Bigger Picture: Software Supply Chain Under Siege

The dual attacks underscore a distressing trend: adversaries are increasingly exploiting the trust relationships inherent in modern development. The 2020 SolarWinds breach, the 2021 Codecov compromise, and the 2023 3CX desktop app attack all followed similar patterns—infiltrating a trusted component and then using it as a springboard into countless downstream targets. What makes the Nx Console and Megalodon campaigns particularly alarming is their exploitation of tools that are deeply embedded in the developer workflow and often overlooked by traditional security scanners.

VS Code now holds over 70% of the integrated development environment market. Its extension marketplace hosts tens of thousands of packages, many of which have broad system access. GitHub Actions, meanwhile, processes billions of workflow runs per month. The sheer volume creates a massive attack surface, and the interconnectedness of workflows means a single poisoned repository can infect dozens of others within minutes.

Industry observers have long warned that the trust model of extension marketplaces is broken. Malicious extensions can be published, pass an automated review, and go undetected for weeks. Even when flagged, removal is a manual process that leaves remaining installations active. The Megalodon campaign also highlights the risks associated with overly permissive GitHub Actions tokens and the common practice of using mutable references in workflow files.

What Developers Should Do

CISA’s advisory lists several immediate steps that development teams should take:

  • Audit VS Code extensions: Remove any that are unnecessary, verify the publisher’s identity, and check code signatures. Stick to extensions from verified publishers and those that are actively maintained.
  • Review GitHub Actions workflows: Inspect all workflow runs for anomalies. Check for unauthorized modifications to workflow files and ensure actions are pinned to specific commit SHAs rather than branches or tags.
  • Implement strong access control: Use branch protection rules, require code review before merging, and enable commit signing to prevent unauthorized commits. Restrict personal access tokens and GitHub App credentials to the smallest scope possible.
  • Monitor for IOCs: Deploy the specific file hashes and network indicators published by CISA to SIEM and EDR tools.
  • Educate teams: Make developers aware of supply chain risks and encourage reporting of suspicious behavior in tools they use daily.

Longer-term, the industry must move toward greater transparency and resilience. Build reproducibility, cryptographically signed releases, and mandatory authenticity checks for extensions and actions can raise the bar. Organizations should adopt zero-trust principles for CI/CD pipelines, treating the build system itself as a critical asset that must be hardened and continuously verified.

CISA’s timely alert again serves as a wake-up call. The software supply chain is only as strong as its weakest link, and attackers are adept at finding those links. The poisoned VS Code extension and the Megalodon workflows are not anomalies—they represent a new normal that demands a fundamental shift in how we secure the very tools we use to create software.