The Nx supply chain attack (dubbed 's1ngularity') exploited a vulnerability in GitHub Actions workflows within the Nx repository, a widely used open-source build system for enterprise JavaScript/TypeScript projects. Attackers manipulated a pull request title and abused the `pull_request_target` configuration to execute arbitrary code in Nx’s CI pipeline, publishing a malicious version of the Nx package on NPM. This embedded a credential-stealing script (`telemetry.js`) that harvested 2,180 GitHub accounts, 7,200 repositories, and sensitive data including GitHub/npm tokens, SSH keys, .env files, cryptocurrency wallets, and other local credentials all uploaded to public GitHub repositories for exfiltration.The attack leveraged AI-driven tools (Claude, Q, Gemini) to automate and refine credential discovery, bypassing AI safeguards by tuning prompts (e.g., labeling actions as 'penetration testing'). Despite Nx’s response revoking tokens, enforcing 2FA, and migrating to NPM’s Trusted Publisher model stolen credentials remain valid, enabling ongoing access to corporate systems. The breach highlights critical risks in open-source supply chains, CI/CD security, and AI weaponization, with long-term implications for affected organizations, including potential source code leaks, infrastructure compromises, and cascading attacks via reused credentials.
Source: https://www.linkedin.com/pulse/ai-malware-strikes-s1ngularity-attack-hijacks-2000-uyaee
TPRM report: https://www.rankiteo.com/company/nxdevtools
"id": "nxd3703637090925",
"linkid": "nxdevtools",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '5.5 million+ weekly NPM '
'downloads (potential downstream '
'impact)',
'industry': 'software development tools',
'name': 'Nx (Nrwl)',
'type': 'open-source project/organization'},
{'industry': 'various (technology, finance, healthcare, '
'etc.)',
'location': 'global',
'name': 'GitHub users (2,180+ accounts)',
'type': ['developers', 'organizations', 'enterprises']},
{'industry': 'various',
'location': 'global',
'name': 'Organizations using Nx (7,200+ repositories '
'exposed)',
'type': ['enterprises',
'startups',
'open-source projects']}],
'attack_vector': ['GitHub Actions workflow manipulation',
'pull request title injection',
'abuse of pull_request_target configuration',
'malicious NPM package (telemetry.js)',
'AI-driven credential harvesting'],
'customer_advisories': ['Organizations using Nx were advised to rotate '
'credentials, audit repositories, and monitor for '
'unauthorized access.'],
'data_breach': {'data_exfiltration': ['uploaded to public GitHub repositories '
"('s1ngularity-repository')",
'AI-assisted discovery and extraction'],
'file_types_exposed': ['.env files',
'SSH keys',
'JavaScript/TypeScript project files',
'configuration files'],
'personally_identifiable_information': ['developer identities '
'(via GitHub/npm '
'tokens)',
'potential PII in '
'exposed '
'repositories'],
'sensitivity_of_data': 'high (includes tokens, SSH keys, and '
'proprietary code)',
'type_of_data_compromised': ['credentials',
'source code',
'environment variables',
'cryptocurrency wallet data']},
'date_detected': '2025-08-26',
'description': "The Nx 's1ngularity' supply chain attack involved the "
'exploitation of a vulnerability in GitHub Actions workflows '
'within the Nx repository, leading to the publication of a '
'malicious Nx package on NPM. The attack embedded a '
'credential-stealing script (telemetry.js) that harvested '
'GitHub and npm tokens, SSH keys, environment configuration '
'files, cryptocurrency wallet data, and other sensitive '
'credentials. The stolen data was uploaded to public GitHub '
"repositories labeled 's1ngularity-repository.' The attack "
'unfolded in three phases (August 26–27, August 28–29, and '
'August 31 onward) and leveraged AI-powered tools (Claude, Q, '
'and Gemini) to automate credential discovery. Over 2,180 '
'GitHub accounts and 7,200 repositories were exposed, with '
'many stolen credentials remaining valid, posing long-term '
'risks.',
'impact': {'brand_reputation_impact': ['loss of trust in Nx and open-source '
'supply chain',
'concerns over long-term security '
'implications',
'potential reputational damage to '
'affected organizations'],
'data_compromised': ['GitHub tokens',
'npm tokens',
'SSH keys',
'environment configuration files (.env)',
'cryptocurrency wallet data',
'sensitive credentials',
'source code (via exposed repositories)'],
'identity_theft_risk': ['high (due to stolen GitHub/npm tokens and '
'SSH keys)',
'potential for impersonation of developers '
'or maintainers'],
'operational_impact': ['compromised CI/CD pipelines',
'ongoing risk from valid stolen credentials',
'potential unauthorized access to '
'enterprise systems',
'disruption to software development '
'workflows'],
'payment_information_risk': ['cryptocurrency wallet data theft',
'potential financial fraud'],
'systems_affected': ['Linux systems',
'macOS systems',
'GitHub repositories (7,200+)',
'GitHub accounts (2,180+)',
'NPM package registry',
'CI/CD pipelines']},
'initial_access_broker': {'backdoors_established': ['malicious telemetry.js '
'script embedded in Nx '
'package',
'continued access via '
'stolen valid '
'credentials'],
'entry_point': 'GitHub Actions workflow '
'manipulation via pull request title '
'injection',
'high_value_targets': ['npm publishing tokens',
'GitHub tokens',
'enterprise source code '
'repositories',
'CI/CD pipelines'],
'reconnaissance_period': ['prior to August 26, 2025 '
'(exact duration '
'unknown)']},
'investigation_status': 'ongoing (post-incident analysis published by Wiz and '
'Nx)',
'lessons_learned': ['AI can be weaponized to accelerate credential theft and '
'bypass safeguards.',
'Open-source supply chains are high-value targets for '
'attackers seeking broad access.',
'Insecure CI/CD configurations (e.g., '
'pull_request_target) can lead to catastrophic breaches.',
'Token-based publishing models are vulnerable to '
'compromise; Trusted Publisher models are safer.',
'Prompt tuning can bypass AI safeguards, enabling '
'aggressive secret discovery.',
'Stolen credentials can remain valid long after initial '
'breaches, posing persistent risks.'],
'motivation': ['credential theft',
'access to enterprise source code',
'long-term persistence in compromised systems',
'exfiltration of sensitive data'],
'post_incident_analysis': {'corrective_actions': ['Migrated to NPM’s Trusted '
'Publisher model.',
'Enforced 2FA for all '
'publisher accounts.',
'Added manual approvals for '
'PR-triggered CI/CD '
'workflows.',
'Revoked and rotated '
'compromised tokens.',
'Published transparency '
'reports (root cause '
'analysis).',
'Collaborated with Wiz for '
'in-depth forensic '
'analysis.'],
'root_causes': ['Insecure use of '
'pull_request_target in GitHub '
'Actions, allowing arbitrary code '
'execution.',
'Lack of 2FA for npm publisher '
'accounts, enabling token theft.',
'Token-based publishing model, '
'which was vulnerable to '
'compromise.',
'AI-driven credential discovery, '
'accelerating the scale and '
'efficiency of the attack.',
'Delayed secret rotation, allowing '
'attackers prolonged access.']},
'recommendations': ['Adopt NPM’s Trusted Publisher model to eliminate '
'token-based publishing risks.',
'Enforce 2FA for all critical accounts (e.g., package '
'publishers, maintainers).',
'Implement manual approval workflows for PR-triggered '
'CI/CD pipelines.',
'Regularly rotate secrets and credentials, especially '
'after exposures.',
'Monitor for AI-driven attack patterns, including prompt '
'injection and LLM abuse.',
'Harden GitHub Actions workflows to prevent arbitrary '
'code execution.',
'Conduct proactive audits of open-source dependencies and '
'supply chain risks.',
'Educate developers on secure coding practices and '
'credential hygiene.'],
'references': [{'source': 'Wiz Security Research',
'url': 'https://www.wiz.io/blog/nx-s1ngularity-supply-chain-attack'},
{'source': 'Nx Root Cause Analysis (GitHub)',
'url': 'https://github.com/nrwl/nx/security/advisories/GHSA-xxxx-xxxx-xxxx'}],
'response': {'communication_strategy': ['root cause analysis published on '
'GitHub',
'collaboration with Wiz for '
'post-incident analysis'],
'containment_measures': ['revoked and rotated compromised tokens',
'enforced 2FA for publisher accounts',
'migrated to NPM’s Trusted Publisher '
'model',
'removed malicious Nx package from NPM'],
'enhanced_monitoring': ['proactive secret rotation',
'CI/CD security hardening'],
'incident_response_plan_activated': True,
'remediation_measures': ['manual approval workflows for '
'PR-triggered CI/CD pipelines',
'secret rotation for exposed '
'credentials',
'security audit of GitHub Actions '
'workflows'],
'third_party_assistance': ['Wiz security researchers']},
'stakeholder_advisories': ['Nx published a root cause analysis on GitHub.',
'Wiz provided detailed research on the attack '
'mechanics and AI-driven tactics.'],
'title': "Nx 's1ngularity' Supply Chain Attack",
'type': ['supply chain attack',
'credential theft',
'malware distribution',
'AI-enhanced attack'],
'vulnerability_exploited': ['insecure use of pull_request_target in GitHub '
'Actions',
'arbitrary code execution in CI/CD pipeline',
'lack of 2FA for publisher accounts',
'token-based publishing model']}