Particle.news

Nx Npm Supply-Chain Attack Weaponized AI Tools, Exposed Thousands of Developer Credentials

Researchers say most leaked tokens remain active, leaving users at risk despite package takedowns and repo removals.

Overview

  • Investigators trace the breach to a vulnerable pull_request_target workflow that let an attacker steal a GITHUB_TOKEN, trigger a publish job, and exfiltrate an NPM token to release poisoned Nx builds.
  • Eight Nx versions and several @nx plugins published on August 26 carried a postinstall payload that harvested secrets and pushed encoded data to public GitHub repos named s1ngularity-repository.
  • Wiz and GitGuardian report 2,349 distinct secrets leaked, including over 1,000 GitHub tokens with many still valid, plus cloud and AI keys spread across roughly 1,079–1,400 public repos before takedown.
  • The malware also altered .bashrc and .zshrc to add a sudo shutdown command and, in a novel tactic, coerced local AI CLI assistants like Claude and Gemini to enumerate files for exfiltration, researchers say.
  • NPM removed the affected versions within about an hour of being alerted, GitHub disabled the repos, and Nx rotated tokens and now requires 2FA and Trusted Publisher, while users are urged to rotate credentials and inspect startup files.
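
The first bullet traces the breach to a pull_request_target workflow. The following is an added example, not code from the article, the researchers or Nx: a heuristic audit of workflow text for three general risk patterns in pull_request_target workflows (PR-controlled fields expanded inside a run: script, checkout of the PR head, no explicit permissions block). The article does not say which pattern the Nx workflow had, so the rules, the rule names and the sample workflow are assumptions, and the audit goes beyond the specific case reported.

```python
import re

# Fields an outside contributor controls (general GitHub Actions knowledge, not from the page).
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*\bgithub\.(?:head_ref|event\.pull_request\."
    r"(?:title|body|head\.ref|head\.label))[^}]*\}\}")
HEAD_CHECKOUT = re.compile(
    r"^\s*ref:.*(?:github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref)")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:")

def audit_workflow(text):
    """Heuristic findings (line_no, rule) for one workflow file; no YAML parser."""
    # Drop comments so commented-out steps are not reported.
    lines = [re.sub(r"(^|\s)#.*", "", l).rstrip() for l in text.splitlines()]
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []  # other triggers are out of scope here
    findings, run_indent = [], None
    for no, line in enumerate(lines, 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if RUN_KEY.match(line):  # remember the column of the run: key
            run_indent = indent + (2 if line.lstrip().startswith("- ") else 0)
        elif run_indent is not None and indent <= run_indent:
            run_indent = None  # a sibling key or the next step ends the script
        if run_indent is not None and UNTRUSTED.search(line):
            findings.append((no, "untrusted-input-in-run"))
        if HEAD_CHECKOUT.search(line):
            findings.append((no, "checks-out-pr-head"))
    if not any(re.match(r"\s*permissions:", l) for l in lines):
        # Without this key the token keeps the repository's default permissions.
        findings.append((0, "no-explicit-permissions"))
    return findings

# Constructed sample, not the Nx workflow.
SAMPLE = """\
on:
  pull_request_target:
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Validating ${{ github.event.pull_request.title }}"
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

A workflow that passes the PR title to the script through an env: variable and declares a read-only permissions block produces no findings from these rules.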