Hackers leak confidential information from compromised developer systems

Hackers used the s1ngularity supply chain attack to steal over 20,000 files from 225 users and make more than 6,700 private repositories public. The attackers compromised Nx’s NPM token to publish malicious versions that harvested API keys, GitHub tokens, and cryptocurrency wallet data from infected systems. The malware also exploited AI assistant tools like Claude and Gemini to perform reconnaissance and data exfiltration. Security firm Wiz found that attackers accessed 480 accounts and leaked thousands of valid credentials, though they urge affected users to rotate compromised secrets since many NPM tokens remain active.

Read more:

https://www.securityweek.com/over-6700-private-repositories-made-public-in-nx-supply-chain-attack/