Nx Build System Package Compromised with Data-Stealing Malware
On August 26, 2025, malicious versions of the Nx build system packages were published to npm. They were available for just over five hours, long enough to reach thousands of developer machines through routine installs. The payload ran at install time and harvested SSH private keys, npm tokens, and .gitconfig files, and it invoked locally installed AI CLI tools (Claude, Gemini, and q) to search the victim's filesystem for further sensitive material before exfiltrating what it found. The publishing itself was done with a leaked token tied to a maintainer account; a second wave then used the GitHub credentials stolen in the first wave to expose victims' private repositories. Immediate remediation is to treat every credential on an affected machine as compromised: revoke and reissue npm, GitHub, and SSH keys, lock down any repositories those tokens could reach, and isolate affected users. Developers should check their lockfiles for the compromised versions, review which dependencies run install-time scripts, and tighten their supply chain controls (pin versions, disable lifecycle scripts where possible, and keep publish tokens out of CI logs and workflows).
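The check above, as an added example that is not code from the Nx project or from the original article: it parses an npm package-lock.json (v2/v3 layout, where the `packages` map is keyed by node_modules path and each entry carries `version` and, when the package declares pre/post-install hooks, `hasInstallScript`), reports every resolved version of a package that appears on a known-bad list, including nested copies pulled in by other dependencies, and lists which packages run code at install time. The `KNOWN_BAD` versions and the `SAMPLE_LOCK` lockfile are constructed placeholders so the script runs offline; replace them with the versions from the vendor advisory and your real lockfile.

```python
"""Audit an npm package-lock.json for known-bad versions and install scripts.

Added example for this page, not code from the Nx project or the original
article. Assumes the npm lockfile v2/v3 layout: a "packages" map keyed by
node_modules path, each entry with "version" and, when the package declares
(pre/post)install hooks, "hasInstallScript".
"""
import json
import sys

# Placeholder (hypothetical) values; fill in from the vendor advisory.
KNOWN_BAD: dict[str, set[str]] = {
    "nx": {"1.2.3"},
    "@nx/js": {"1.2.3"},
}

# Constructed sample lockfile so the script runs offline; not a real project.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "0.0.1"},
        "node_modules/nx": {"version": "1.2.3", "hasInstallScript": True},
        "node_modules/@nx/js": {"version": "1.2.2"},
        "node_modules/left-pad": {"version": "1.3.0"},
        # a nested copy of nx pulled in by another dependency
        "node_modules/tool/node_modules/nx": {"version": "1.2.3"},
    },
}


def package_name(path: str) -> str:
    """'node_modules/@scope/pkg' or 'node_modules/a/node_modules/b' -> package name."""
    return path.rsplit("node_modules/", 1)[-1]


def installed_versions(lock: dict) -> dict[str, set[str]]:
    """Map every package name in the lockfile to the set of versions resolved for it."""
    found: dict[str, set[str]] = {}
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        version = meta.get("version")
        if version:
            found.setdefault(package_name(path), set()).add(version)
    return found


def find_bad(lock: dict, bad: dict[str, set[str]]) -> list[tuple[str, str]]:
    """Return (name, version) pairs whose resolved version is on the bad list."""
    hits = []
    for name, versions in installed_versions(lock).items():
        for v in sorted(versions & bad.get(name, set())):
            hits.append((name, v))
    return sorted(hits)


def install_script_packages(lock: dict) -> list[str]:
    """Paths of packages that run code at install time; review these first."""
    return sorted(
        p for p, m in lock.get("packages", {}).items() if m.get("hasInstallScript")
    )


def main(argv: list[str]) -> int:
    if len(argv) > 1:
        with open(argv[1]) as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK
    hits = find_bad(lock, KNOWN_BAD)
    for name, v in hits:
        print(f"KNOWN BAD: {name}@{v}")
    for p in install_script_packages(lock):
        print(f"runs install script: {p}")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python audit_lock.py package-lock.json`; a non-zero exit makes it usable as a CI gate. A clean lockfile is not proof of safety on a machine that already ran the install, so credentials found on such a host still need to be rotated.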