
1,000+ Developers Hit by AI-Powered Supply Chain Attack in Just 4 Hours

"Nx JavaScript build system hacked; AI-driven malware steals 20,000 files, exposing GitHub tokens and cloud credentials."
Content Team

Attackers compromised the popular Nx JavaScript build system on August 26, infecting over 1,000 developers and stealing 20,000 sensitive files in just four hours. The malware used AI tools like Claude Code and Gemini to hunt for GitHub tokens, SSH keys, and cryptocurrency wallets on victims' systems.

The attackers published malicious Nx packages at 10:32 PM UTC, then uploaded stolen data to public GitHub repositories with names like "singularity-repository-0" for easy collection. They also sabotaged victims' terminals to crash on startup, slowing incident response.

Despite quick takedown efforts, the damage was severe: over 1,000 valid GitHub tokens and dozens of cloud credentials were exposed. Shockingly, 90% of leaked GitHub tokens remain active, creating ongoing security risks for affected developers and their organizations.

Source: Dark Reading
