Malicious Nx Packages Used in Two Waves of Supply Chain Attack - DevOps.com
Malicious actors stole an Nx NPM token, published compromised package versions that harvest credentials and used leaked GitHub tokens to expose repositories and exfiltrate data.
Malicious Nx packages on npm exfiltrate developer secrets, including cryptocurrency, GitHub/npm tokens, and SSH keys, affecting thousands of repositories.
Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
Malicious nx and supporting plugins were published to npm, containing code that harvested credentials, scanned file systems, and exfiltrated data to GitHub repositories.
