• NPM packages from Nx targeted in latest worrying software supply

    From TechnologyDaily@1337:1/100 to All on Thursday, August 28, 2025 15:15:09
    NPM packages from Nx targeted in latest worrying software supply chain attack

    Date:
    Thu, 28 Aug 2025 14:07:00 +0000

    Description:
    Hackers target popular open source build system and development toolkit, with relative success.

    FULL STORY ======================================================================
    - When a token with publishing rights was stolen, multiple poisoned Nx variants were released
    - The malware stole secrets and other important data
    - The attack lasted a few hours, but could be causing damage still

    Countless software developers, likely including those within Fortune 500 companies, were victims of a supply chain attack after Nx, the open source build system and development toolkit, was compromised.

    In an announcement posted on GitHub, Nx said malicious versions of Nx and some supporting plugins were published on NPM.

    At the same time, security researchers Wiz released a separate announcement, saying the malicious versions were carrying infostealing malware, grabbing secrets such as GitHub and NPM tokens, SSH keys, crypto wallet information, and more, from attacked developers.

    Thousands of leaked tokens

    How Nx was compromised remains unknown - Wiz believes the threat actors managed to get ahold of a token with publishing rights, which enabled them to push malicious versions to NPM, despite all maintainers having two-factor authentication (2FA) enabled at the time of the attack. Apparently, 2FA was not needed to publish the packages.

    The attack lasted approximately four hours, before NPM removed all of the poisoned versions.

    Nx did not discuss how many companies might have been struck in this supply chain attack, but Wiz told The Register via email that more than 1,000 valid GitHub tokens were leaked. Furthermore, the attackers stole around 20,000 files and dozens of valid cloud credentials and NPM tokens.

    Affected users should reach out to Nx's support team for help.

    Both NPM and Nx are hugely popular in the software development community, with more than 70% of Fortune 500 companies allegedly using Nx, so it's perhaps not surprising it is under constant attack.

    However, security researchers Step Security found something unique: the malware weaponized AI CLI tools (including Claude, Gemini, and q) to aid in reconnaissance and data exfiltration - marking the first known case where attackers have turned developer AI assistants into tools for supply chain exploitation.

    "This technique forces the AI tools to recursively scan the file system and write discovered sensitive file paths to /tmp/inventory.txt, effectively
    using legitimate tools as accomplices in the attack."
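    Responders who find the /tmp/inventory.txt described above need to turn its list of paths into a credential-rotation plan. The following is an added example (not code from the article, nor from Nx, Wiz or Step Security) that triages such a file by the class of secret each path exposes; the path patterns and the sample inventory are assumptions constructed for illustration.

```python
import re

# Constructed sample of what an inventory file might list (not a real capture).
SAMPLE_INVENTORY = """\
/home/dev/.ssh/id_ed25519
/home/dev/.ssh/id_ed25519.pub
/home/dev/.npmrc
/home/dev/.config/gh/hosts.yml
/home/dev/.aws/credentials
/home/dev/.config/solana/id.json
/home/dev/projects/app/.env
/home/dev/projects/app/README.md
"""

# (pattern, credential class, rotation action). The locations are assumptions
# about where these secrets commonly live, not a list taken from the article.
RULES = [
    (r"/\.ssh/(?!.*\.pub$)[^/]+$", "ssh-key", "rotate key; remove old public key from GitHub and servers"),
    (r"/\.npmrc$", "npm-token", "revoke npm tokens; require 2FA for publish"),
    (r"/\.config/gh/hosts\.yml$", "github-token", "revoke gh CLI token; audit recent repo activity"),
    (r"/\.aws/credentials$", "cloud-credential", "rotate AWS keys; review CloudTrail for misuse"),
    (r"/\.config/solana/|wallet|keystore", "crypto-wallet", "move funds to a freshly generated wallet"),
    (r"/\.env$", "dotenv-secrets", "rotate every secret defined in the file"),
]


def classify(path: str):
    """Return (class, action) for the first matching rule, or None (e.g. public keys)."""
    for pattern, kind, action in RULES:
        if re.search(pattern, path):
            return kind, action
    return None


def triage(inventory_text: str) -> dict:
    """Group listed paths by the credential class they expose; keep unknowns for manual review."""
    report = {"rotate": {}, "unclassified": []}
    for line in inventory_text.splitlines():
        path = line.strip()
        if not path:
            continue
        hit = classify(path)
        if hit is None:
            report["unclassified"].append(path)
            continue
        kind, action = hit
        entry = report["rotate"].setdefault(kind, {"action": action, "paths": []})
        entry["paths"].append(path)
    return report
```

    On a real host, pass the contents of /tmp/inventory.txt to triage() and work through the "rotate" entries before anything else; "unclassified" paths still deserve a manual look.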



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/npm-packages-from-nx-targeted-in-latest-software-supply-chain-attack


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)