Cybercriminals exploited secrets stolen during the Nx supply chain attack to publicly release over 6,700 private repositories, leading to widespread data exposure. The attack involved malicious Nx package versions, AI CLI exploitation, and exfiltration of sensitive credentials and files, impacting hundreds of users and organizations.
Key points
- Hackers used stolen secrets to leak over 6,700 private repositories on GitHub.
- The attack involved malicious Nx package versions containing scripts to search for sensitive data.
- Over 20,000 files and 1,700 secrets were compromised, affecting hundreds of users and organizations.
- The threat actors utilized AI CLI tools for reconnaissance and data exfiltration.
- Security experts recommend immediate secret rotation and investigation of compromised accounts.
Read More: https://www.securityweek.com/over-6700-private-repositories-made-public-in-nx-supply-chain-attack/