According to specialists at Wiz, who examined the recent s1ngularity attack targeting NX, the incident had far-reaching consequences. The breach of NX led to the exposure of data from 2,180 accounts and affected 7,200 repositories.
In their report, the researchers emphasize that many of the compromised secrets are still valid.
NX is a popular open-source build platform that helps manage code in large projects. It bills itself as an “AI-first build platform that brings everything together — from the editor to CI.” NX is widely used in enterprise-level JavaScript/TypeScript ecosystems.
As a reminder, at the end of August attackers exploited a vulnerability in the GitHub Actions workflow in the NX repository to publish a malicious version of a package to npm. It included a malicious script that ran after installation (telemetry.js).
The malware was an infostealer targeting Linux and macOS systems. It aimed to steal GitHub and npm tokens, SSH keys, .env files, and cryptocurrency wallet data. The collected information was uploaded to public repositories on GitHub whose names contained the string s1ngularity-repository (or s1ngularity-repository-0 and s1ngularity-repository-1).
An interesting aspect of this attack was that the incident became the first known case in which attackers turned command-line AI tools (Claude, Google Gemini, and Amazon Q) into a weapon to exploit the supply chain and used them to bypass security measures.
The attackers used AI to search for and collect confidential credentials and secrets. Wiz analysts report that the prompts were changed with each iteration of the attack, meaning the attackers tuned them to achieve greater effectiveness.
The NX team published a detailed root cause analysis of the incident on GitHub. The developers explained that the breach occurred through a vulnerable workflow that allowed executable code to be injected via a specially crafted pull request header.
Wiz researchers calculated that at the first stage of the attack (from August 26 to 27, 2025), NX packages infected with a stealer directly affected 1,700 users, leading to the leak of more than 2,000 unique secrets. In addition, the attack resulted in 20,000 files from infected systems being exposed.
It is noted that during the first phase of the attack, at least three different payloads were injected into NX packages.
GitHub specialists responded to the incident, deleting the repositories created by the attackers eight hours later. However, that window was enough to steal the data.
From August 28 to 29, the attack entered its second phase: the attackers used stolen GitHub tokens to make private repositories public by renaming them following the pattern s1ngularity-repository-#5characters#.
This led to the further compromise of another 480 accounts, most of which belonged to organizations, as well as the exposure of information from 6,700 private repositories.
At the third stage of the attack, which began on August 31, the attackers targeted an unnamed organization. The hackers used two previously compromised accounts to make another 500 private repositories public. The affected repositories had the _bak prefix in their names and contained the string s1ngularity in their descriptions.
Experts believe that the total number of users who downloaded malicious versions of NX and ran the malware on their machines likely far exceeds the figures cited above.
Moreover, about 100 unique npm tokens (over 40% of all tokens stolen in the first stage of the attack) remain active. At the same time, only 5% of the compromised GitHub tokens remain active.