AI-powered Malware hit 2180 GitHub Accounts in “s1ngularity” Attack.

According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of over 2000 accounts and 7200 repositories across three distinct phases. Wiz also stressed that the incident's scope of impact remains significant….

https://www.wiz.io/blog/s1ngularitys-aftermath

#github #s1ngularity #ai #llm #attack #it #security #privacy #engineer #media #secure #programming #tech #news

TLDR recent #npm supply chain attacks

🗓️ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity
HackerNews: https://news.ycombinator.com/item?id=45034496
GHSA-cxm3-wv7p-598c: https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c

🗓️ 8 Sep: #chalk, #debugjs and other packages by maintainer #qix (junon) compromised. They handled this very transparently 👍️
See
HackerNews: https://news.ycombinator.com/item?id=45169794
CVE-2025-59144: https://github.com/advisories/GHSA-4x49-vf9v-38px

wow!

compromised 2,180 GitHub accounts and 7,200 repositories

#github #s1ngularity #cve #security #vulnerability #malware
https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/

デプロイって伝統的にはローカル操作だから案外雑なことをやりがちだけど、イマドキはそこらへんも配布物に含まれてビルドと混在したりオンラインサービス化されたりするので、公開サービス並みの注意が必要……当たり前と言えば当たり前だけど、全部上流任せにして済む話でもないのよねえ、特にオープンソースなら(企業間なら裁判所で殴り合えばいいけど←よくねえよ

Nx の攻撃から学べること #s1ngularity | blog.jxck.io
https://blog.jxck.io/entries/2025-09-03/nx-incidents.html

🚨 Thousands of developer credentials stolen in the macOS #s1ngularity Nx supply chain attack. Targets included GitHub, npm, SSH, and AI tool keys. Update + revoke now.

Read: https://hackread.com/developer-credentials-stolen-macos-s1ngularity-attack/

#CyberSecurity #CyberAttack #InfoSec #macOS #GitHub