<ciso brief/>
Tag Banner

All news with #nx tag

all tags →

Sat, September 6, 2025

AI-powered Nx malware exposes 2,180 GitHub accounts

#Supply-Chain Incident #Supply Chain Backdoor #Data Leak #GitHub #Nx

🔒 A backdoored NPM package published from the Nx repository delivered a post-install credential stealer named telemetry.js, which targeted Linux and macOS systems for GitHub and npm tokens, SSH keys, .env files and crypto wallets. The malware exfiltrated harvested secrets to public repositories named s1ngularity-repository. Attackers unusually used AI CLI tools (Claude, Q, Gemini) to run tuned LLM prompts for better credential harvesting. Nx and GitHub removed the packages, revoked tokens, and implemented 2FA, tokenless publishing and manual PR approvals.

read more →

Mon, September 1, 2025

Supply-Chain Attack on npm Nx Steals Developer Credentials

#AI Security #GitHub #JFrog #npm #Nx #Supply Chain Backdoor #Typosquatting

🔒 A sophisticated supply-chain attack targeted the widely used Nx build-system packages on the npm registry, exposing developer credentials and sensitive files. According to a report from Wiz, attackers published malicious Nx versions on August 26, 2025 that harvested GitHub and npm tokens, SSH keys, environment variables and cryptocurrency wallets. The campaign uniquely abused installed AI CLI tools (for example, Claude and Gemini) by passing dangerous permission flags to exfiltrate file-system contents and perform reconnaissance, then uploaded roughly 20,000 files to attacker-controlled public repositories. Organizations should remove affected package versions, rotate exposed credentials and inspect developer workstations and CI/CD pipelines for persistence.

read more →

Thu, August 28, 2025

Malicious Nx npm Packages in 's1ngularity' Supply Chain

#AI Supply Chain #Data Leak #GitHub #Key Leakage #npm #Nx #Supply Chain Backdoor #Supply-Chain Incident #Token Leakage

🔒 The maintainers of nx warned of a supply-chain compromise that allowed attackers to publish malicious versions of the npm package and several supporting plugins that gathered credentials. Rogue postinstall scripts scanned file systems, harvested GitHub, cloud and AI credentials, and exfiltrated them as Base64 to public GitHub repositories named 's1ngularity-repository' under victim accounts. Security firms reported 2,349 distinct secrets leaked; maintainers rotated tokens, removed the malicious versions, and urged immediate credential rotation and system cleanup.

read more →