S1ngularity leak: GitHub and NPM affected 🚨
Recent investigations into the supply chain attack dubbed "s1ngularity" against Nx reveal a massive credential leak: thousands of account tokens and repository secrets were exposed, with repercussions across multiple phases of the incident. A post-incident report from Wiz documents the scope and provides insight into how the exfiltration evolved and its impact. 🚨📊
According to the assessment published by Wiz researchers, the breach resulted in the exposure of 2,180 accounts and 7,200 repositories in three distinct phases, with many secrets still valid and risk of continued damageThe white paper provides details on the timeline, the attacker's techniques, and the nature of the leaked secrets. 🔍📈
The Nx Supply Chain Attack ⚠️🚀
Nx is an open-source, single-repository build and management system widely used in enterprise-scale JavaScript/TypeScript ecosystems. With millions of weekly downloads on the NPM registry, a compromised package has a far-reaching impact on numerous integrations and development pipelines. ⚙️
Compromise vector and incident date 📅
On August 26, 2025, the attacker exploited a vulnerable GitHub Actions workflow in the Nx repository to publish a malicious version of the package to NPM. The package included a malicious post-install script named "telemetry.js" that acted as credential-extractor malware on affected systems. 🔥
How telemetry.js malware works 🕵️♂️
The telemetry.js malware acted as a credential thief in Linux and macOS, attempting to steal GitHub tokens, npm tokens, SSH keys, .env files, cryptocurrency wallets, and other secrets, then uploading them to public GitHub repositories named "s1ngularity-repository". This pattern allowed the attacker to centralize and expose the stolen information. 🔐
Source: Wiz
The attacker also integrated command-line tools for AI platforms (e.g., Claude, Q, and Gemini) to automate search and harvesting using targeted prompts. Wiz documents how the prompt evolved during the attack, optimizing extraction and circumventing model rejections for certain instructions, reflecting the actor's active attunement to LLM techniques. ✨💡
Impact range: damage radius and phases 📈🔥
The incident unfolded in three phases. In the first, between August 26 and 27, compromised versions of Nx directly affected 1,700 users and leaked more than 2,000 unique secrets, in addition to exposing around 20,000 files from infected systems. GitHub intervened, but much of the data had already been duplicated.
- 🔹 Phase 1 (August 26–27): 1,700 users affected, ~2,000 leaked secrets, 20,000 compromised files.
- 🔸 Phase 2 (August 28–29): Using leaked tokens to convert private repositories to public ones; 480 additional accounts compromised and 6,700 repositories exposed.
- 🔹 Phase 3 (from August 31): attack targeting a victim organization using accounts compromised to publish 500 more private repositories.
During the second phase, the attackers used stolen GitHub tokens to make private repositories public and rename them with the string 's1ngularity,' amplifying the exposure. In the third phase, a specific target was exploited to publish hundreds of additional private repositories, demonstrating the attacker's persistence and escalation. 🎯
Source: Wiz
Nx Project Response and Mitigation 🔧✅
The Nx team published a root cause analysis on GitHub explaining how an injection in the title of a pull request combined with insecure use of pull_request_target allowed arbitrary code to be executed with elevated permissions, triggering the publishing pipeline and facilitating the exfiltration of the npm publishing token. 🛠️
The actions implemented included removing malicious packages, revoking and rotating compromised tokens, and mandating two-factor authentication for all publisher accounts. Additionally, Nx adopted NPM's Trusted Publisher model and added manual approval for PR-triggered workflows. 🔐📌
Quick tips and key points ✏️
- ✅ Review and rotate tokens and secrets immediately if compromise is suspected.
- 📌 Avoid unsafe use of pull_request_target and enforce manual approvals on sensitive flows.
- 🔧 Implement multi-factor authentication and trusted publishing models like Trusted Publisher.
- ⚡ Monitor public repositories and perform automated secret searches for early detection.
Defining Snippets and FAQs ✨
What is telemetry.js?
telemetry.js is the name of the malicious post-install script included in the compromised version of the Nx package; it acted as a credential stealer on Linux and macOS systems to harvest and exfiltrate secrets to public repositories controlled by the attacker. 🔍
How many accounts and repositories were affected?
According to Wiz's report, the attack exposed 2,180 accounts and 7,200 repositories throughout the three documented phases of the incident, with many secrets still valid and a risk of continued impact. 📊
461 TP3T environments had compromised passwords, nearly double the 251 TP3T the previous year. Get the Picus Blue Report 2025 for a complete analysis of data exfiltration prevention, detection, and trends. 📈
The report provides metrics, recommendations, and case studies to strengthen defenses and improve response to secret leaks.
