
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

The Hacker News, 25/05/2026, 14:13

Summary

AI-Generated

Key Points:

  • A significant breach of GitHub's internal repositories occurred due to a compromised Nx Console VS Code extension, allowing TeamPCP to exfiltrate approximately 3,800 repositories.
  • The incident highlights vulnerabilities in software supply chains, affecting multiple organizations including OpenAI and Grafana Labs, and indicates a growing trend of targeted attacks on developer environments.
  • Immediate patching is advised for several critical vulnerabilities (e.g., CVE-2026-48172, CVE-2026-45498) across widely used systems to mitigate potential exploitation.

Technical Details: The breach was facilitated by a poisoned version of the Nx Console extension, which compromised an employee device. This incident is part of the broader Mini Shai-Hulud campaign that has exposed numerous downstream victims.

MITRE ATT&CK Techniques:

  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1190 - Exploit Public-Facing Application (Initial Access)

IOCs Mentioned:

  • CVE-2026-48172
  • CVE-2026-34926
  • CVE-2026-20223
  • CVE-2026-41091
  • CVE-2026-45498
  • CVE-2026-45584
  • CVE-2026-46333
  • CVE-2026-9082
  • CVE-2026-45585
  • CVE-2026-2743

Note: Multiple additional CVEs are mentioned in the article.
