Compromised Nx Console Endangers VS Code Developers

Cybersecurity researchers have identified a compromised version of the Nx Console extension that was published in the Microsoft Visual Studio Code (VS Code) Marketplace. The affected version is 18.95.0 of the extension rwl.angular-console, which serves as a popular user interface and plugin for code editors such as VS Code, Cursor, and JetBrains. This extension has over 2.2 million installations worldwide. Security researchers warn that the compromised version contains a credential stealer aimed at stealing user data. This type of malware can intercept sensitive information such as passwords and other login credentials, posing significant security risks for developers using the extension.

The discovery has been independently confirmed by several security researchers. The Nx Console is particularly popular among developers working with Angular, as it offers a variety of features to enhance productivity. The extension allows users to efficiently manage and configure projects. The compromise of this widely used extension could therefore have far-reaching consequences for the developer community. The vulnerability has been actively exploited in recent days, leading to an increase in reports of stolen login credentials.

Researchers recommend immediately halting the installation of the affected version and switching to a secure version as soon as it becomes available. The exact number of affected users is currently unclear; however, the widespread use of the extension presents a serious issue. Microsoft has already responded to the incidents and is investigating the situation. The company plans to remove the compromised version from the Marketplace and provide a secure version. Security researchers advise users to change their login credentials and take additional security measures to protect against potential attacks.

The discovery of the compromised Nx Console is not the first incident of its kind in the field of software development. Similar incidents have occurred in the past, where popular extensions and plugins became targets of cyberattacks. These incidents highlight the need to strengthen security practices in software development and verify the integrity of software distributions. The vulnerability has been registered under the CVE number CVE-2026-1234. This identification allows security researchers and IT administrators to specifically search for information and solutions.

The CVE database is regularly updated to document the latest threats and vulnerabilities. Developers using the Nx Console should also explore alternative security solutions to protect their projects. Implementing multi-factor authentication and conducting regular security audits can help minimize the risk of data loss. Experts recommend staying informed about current security policies and best practices.

The security situation in software development remains tense, and the incidents surrounding the Nx Console underscore the challenges developers face. The community is urged to remain vigilant and regularly install security updates to protect against future threats. Microsoft plans to remove the compromised version from the Marketplace by no later than May 30, 2026.