
Hackers Launch First AI-Powered Supply Chain Attack on Popular Nx Build System

Cybercriminals execute "s1ngularity" attack on the Nx JavaScript build system, which has over 4 million weekly downloads, exploiting AI tools for data theft.
Content Team

Cybercriminals executed a sophisticated supply chain attack called "s1ngularity" targeting the Nx JavaScript build system, which has over 4 million weekly downloads. On August 26, hackers exploited a workflow vulnerability to steal GitHub and NPM tokens, then published eight malicious versions of Nx packages between 6:32 and 8:37 PM EDT.

The malware systematically harvested sensitive data from infected systems, including SSH keys, API tokens, and cryptocurrency wallet information. In a groundbreaking twist, attackers weaponized AI tools like Claude and Gemini to assist with reconnaissance and data theft—marking the first known case of AI being turned against developers in supply chain attacks.

Security firms discovered over 2,300 stolen secrets uploaded to more than 1,000 GitHub repositories. Half of these credentials remained valid when discovered, highlighting the urgent need for immediate revocation of compromised tokens.

Source: Security Week
