News

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.
At the same time, security researchers at Wiz released a separate announcement, saying the malicious versions were carrying infostealing malware, grabbing secrets such as GitHub and npm tokens, SSH keys, ...
The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI assistants.
GitHub and npm are often linked in workflows, allowing the publishing of npm packages once a GitHub organization is hijacked.
Socket noted that the attack is a textbook example of “multi-stage supply chain compromise,” which involves harvesting maintainer credentials, publishing malicious versions on npm, and ...
In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute ...