The recent Nx “s1ngularity” NPM supply chain attack has led to a massive security fallout, exposing thousands of account tokens and repository secrets, according to Wiz researchers.
A post-incident analysis revealed that the breach compromised 2,180 accounts and 7,200 repositories in three distinct attack phases. Wiz emphasized that the impact is still unfolding, as many of the leaked secrets remain valid.
Nx, a widely used open-source build system and monorepo management tool in enterprise-scale JavaScript/TypeScript projects, has over 5.5 million weekly downloads on the NPM registry.
How the Attack Happened
On August 26, 2025, threat actors exploited a flawed GitHub Actions workflow in the Nx repository. This enabled them to publish a malicious version of Nx on NPM containing a post-install malware script called telemetry.js.
The telemetry.js malware targeted Linux and macOS systems, attempting to steal sensitive data such as GitHub tokens, npm tokens, SSH keys, .env files, and even crypto wallets. The stolen data was then uploaded to public repositories under the name “s1ngularity-repository.”
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: