Investigations into the Nx “s1ngularity” NPM provide chain assault have unveiled an enormous fallout, with 1000’s of account tokens and repository secrets and techniques leaked.
Based on a post-incident analysis by Wiz researchers, the Nx compromise has resulted within the publicity of two,180 accounts and seven,200 repositories throughout three distinct phases.
Wiz additionally pressured that the incident’s scope of impression stays vital, as lots of the leaked secrets and techniques stay legitimate, and so the impact remains to be unfolding.
The Nx “s1ngularity” provide chain assault
Nx is a well-liked open-source construct system and monorepo administration instrument, broadly utilized in enterprise-scale JavaScript/TypeScript ecosystems, having over 5.5 million weekly downloads on the NPM bundle index.
On August 26, 2025, attackers exploited a flawed GitHub Actions workflow within the Nx repository to publish a malicious model of the bundle on NPM, which included a post-install malware script (‘telemetry.js’).
The telemetry.js malware is a credential stealer concentrating on Linux and macOS programs, which tried to steal GitHub tokens, npm tokens, SSH keys, .env information, crypto wallets, and add the secrets and techniques to public GitHub repositories named “s1ngularity-repository.”
What made this assault stand out was that the credential-stealer to used put in command-line instruments for synthetic intelligence platforms, akin to Claude, Q, and Gemini, to seek for and harvest delicate credentials and secrets and techniques utilizing LLM prompts.
Supply: Wiz
Wiz stories that the immediate modified over every iteration of the assault, displaying that the menace actor was tuning the immediate for higher success.
“The evolution of the immediate reveals the attacker exploring immediate tuning quickly all through the assault. We are able to see the introduction of role-prompting, in addition to various ranges of specificity on methods,” defined Wiz.
“These modifications had a concrete impression on the success of the malware. The introduction of the phrase “penetration testing”, for instance, was concretely mirrored in LLM refusals to interact in such exercise.”
A large blast radius
Within the first part of the assault, between August 26 and 27, the backdoored Nx packages straight impacted 1,700 customers, leaking over 2,000 distinctive secrets and techniques. The assault additionally uncovered 20,000 information from contaminated programs.
GitHub responded by taking down the repositories the attacker created after eight hours, however the knowledge had already been copied.
Between August 28 and 29, which Wiz defines as part 2 of the incident, the attackers used the leaked GitHub tokens to flip non-public repositories to public, renaming them to incorporate the ‘s1ngularity’ string.
This has resulted within the additional compromise of one other 480 accounts, the vast majority of which have been organizations, and the general public publicity of 6,700 non-public repositories.
Within the third part, which started on August 31, the attackers focused a single sufferer group, using two compromised accounts to publish an extra 500 non-public repositories.
Supply: Wiz
Nx’s response
The Nx group revealed an in depth root trigger evaluation on GitHub explaining that the compromise got here from a pull request title injection mixed with the insecure use of pull_request_target.
This allowed the attackers to run arbitrary code with elevated permissions, which in flip triggered Nx’s publish pipeline and exfiltrated the npm publishing token.
The malicious packages have been eliminated, the compromised tokens have been revoked and rotated, and two-factor authentication has been adopted throughout all writer accounts.
To stop a recurrence of such a compromise, the Nx challenge has now adopted NPM’s Trusted Writer mannequin, which eliminates token-based publishing, and added guide approval for PR-triggered workflows.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration traits.
