The Nx “s1ngularity” supply chain attack led to the leak of thousands of account tokens and repository secrets, affecting millions of users and exposing sensitive data. The incident involved a malicious NPM package with post-install malware and advanced prompt tuning techniques employed by threat actors. #Nx #s1ngularity #GitHub #NPM #telemetry.js
Key points
- The attack involved a compromised Nx package exploiting a flawed GitHub Actions workflow.
- The malicious package included ‘telemetry.js,’ a credential stealer targeting Linux and macOS systems.
- Threat actors used AI platform command-line tools and prompt tuning to harvest sensitive secrets.
- The incident impacted over 2,180 accounts and over 7,200 repositories across three phases.
- Nx responded by revoking tokens, removing malicious packages, and adopting NPM’s Trusted Publisher model.