A GitHub internal repository breach occurred due to a compromised employee device, which was infected with a malicious version of the Nx Console VS Code extension, specifically the nrwl.angular-console. The Nx team disclosed that one of its developers' systems was hacked, leading to the poisoning of the extension. This incident highlights the evolving nature of attacks, where adversaries target developers and their tools to gain access to sensitive information. The breach of GitHub's internal repositories has significant implications, as it involves a major player in the software development industry. The fact that a Microsoft VS Code extension was used as an attack vector raises concerns about the security of widely-used development tools1. This incident matters to practitioners because it underscores the need for heightened security measures, particularly in the software supply chain, to prevent similar breaches and mitigate potential downstream effects.