The maintainers of NX warned users about a supply chain attack dubbed s1ngularity that occurred on August 26, 2025. The compromise of one developer’s token allowed the attackers to publish malicious versions of the popular npm package and other tools, and then steal user data.
NX is a popular open-source build platform that helps manage code in large projects. It positions itself as “an AI-first build platform that brings together everything — from the editor to CI.” The project has over 4 million weekly downloads.
“Malicious versions of the nx package, as well as some auxiliary plugins, were published to npm. They included code that scans the file system, collects credentials, and sends them to GitHub as a repository under the user’s account,” reads the official statement from the maintainers.
The developers explain that the root cause of the compromise was a vulnerable workflow, added on August 21, 2025, which allowed executable code to be injected via a specially crafted pull request header. Although this workflow was rolled back “almost immediately” after the issue was discovered, the attacker managed to create a pull request to trigger the attack, targeting an outdated branch that still contained the vulnerable workflow.
“The pull_request_target trigger was used to run an action when a pull request was created or modified,” the NX team writes. “However, a warning was overlooked: unlike the standard pull_request, this trigger runs the workflow with elevated privileges, including a GITHUB_TOKEN with read and write permissions to the repository.”
It is assumed that in the end the GITHUB_TOKEN was used to trigger publish.yml, which is responsible for publishing NX packages to the registry using an npm token.
Since the pull request validation workflow was running with elevated privileges, the attackers were able to trigger the publish.yml workflow in the nrwl/nx repository with their malicious changes. This allowed them to steal the npm token by sending it to an endpoint they controlled on webhook[.]site.
“As part of the bash injection, the pull request validation workflow triggered publish.yml with this malicious commit and sent our npm token to an unknown webhook,” the developers write. “We believe this is how the attacker obtained the npm token used to publish the malicious versions of nx.”
The list of affected packages and versions is given below. They have currently been removed from npm.
- nx 21.5.0, 20.9.0, 20.10.0, 21.6.0, 20.11.0, 21.7.0, 21.8.0, 20.12.0
- @nx/devkit 21.5.0, 20.9.0
- @nx/enterprise-cloud 3.2.0
- @nx/eslint 21.5.0
- @nx/js 21.5.0, 20.9.0
- @nx/key 3.2.0
- @nx/node 21.5.0, 20.9.0
- @nx/workspace 21.5.0, 20.9.0
In the malicious versions of the packages, a postinstall script was discovered that activated after installation, scanned the system for text files, collected credentials, and exfiltrated the gathered data, encoded in base64, to publicly accessible GitHub repositories named s1ngularity-repository (or s1ngularity-repository-0 and s1ngularity-repository-1) using the user’s account.
“The malicious postinstall script also modified the .zshrc and .bashrc files, which are executed when the terminal launches, adding sudo shutdown -h 0, which prompts users for the system password and, if provided, immediately shuts down the machine,” the maintainers add.
Although GitHub is already removing such repositories, users who encountered the attack are advised to assume their information is compromised and urgently change their credentials, as well as rotate their GitHub and npm tokens. It’s also recommended to stop using the malicious packages as soon as possible and check the .zshrc and .bashrc files for unfamiliar instructions and remove them.
The NX team reports that it has already rotated its npm and GitHub tokens, audited GitHub and npm activity for suspicious behavior, and updated NX publishing permissions to require two-factor authentication.
Researchers from the cybersecurity company Wiz report that 90% of the GitHub tokens stolen by the hackers are still valid, as are dozens of valid cloud credentials and npm tokens.
According to experts, the malware was often executed on developers’ machines via the NX extension for Visual Studio Code.
As StepSecurity notes, this incident was the first known case in which attackers turned command-line AI tools (Claude, Google Gemini, and Amazon Q) into a weapon for exploiting the software supply chain and used them to bypass defenses.
“They made AI tools recursively scan the file system and write the discovered sensitive file paths to /tmp/inventory.txt, effectively using legitimate tools as accomplices in the attack,” StepSecurity says.
At the same time, the repositories containing the stolen secrets remained active and publicly accessible for roughly eight hours, until GitHub representatives intervened in the situation.
Meanwhile, experts at GitGuardian reported that they found 1,346 repositories containing the string “s1ngularity-repository.” New ones are still appearing, meaning developers continue to use the compromised package. Attackers now appear to be using compromised GitHub tokens to make previously private repositories public and rename them following the pattern s1ngularity-repository-#5characters#.
According to the researchers’ estimates, among the 2,349 stolen secrets, the vast majority are GitHub OAuth keys and personal access tokens (PAT), followed by API keys and credentials for Google AI, OpenAI, Amazon Web Services, OpenRouter, Anthropic Claude, PostgreSQL, and Datadog.
It is noted that 85% of the infected systems were running macOS.
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.03.05 — Polish Space Agency disconnects its network due to hacker attack
Last weekend, the Polish Space Agency (POLSA) had to disconnect all of its systems from the Internet to localize an attack targeting its IT infrastructure. After discovering the intrusion,…
Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers
Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…
Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters
According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →