• About Us
  • Announce
  • Privacy Policy
  • Contact us
MasterTrend News
  • HOME
    • BLOG
    • STORE
  • Tutorials
  • Hardware
  • Gaming
  • Mobiles
  • Security
  • Windows
  • AI
  • Software
  • Networks
  • News
  • English English
    • Spanish Spanish
    • Portuguese Portuguese
    • French French
    • Italian Italian
    • German German
    • Korean Korean
    • Japanese Japanese
    • Chinese Chinese
    • Russian Russian
    • Thai Thai
    • Polish Polish
    • Turkish Turkish
    • Indonesian Indonesian
    • Hindi Hindi
    • Arabic Arabic
    • Swedish Swedish
    • Dutch Dutch
No result
See all results
  • HOME
    • BLOG
    • STORE
  • Tutorials
  • Hardware
  • Gaming
  • Mobiles
  • Security
  • Windows
  • AI
  • Software
  • Networks
  • News
  • English English
    • Spanish Spanish
    • Portuguese Portuguese
    • French French
    • Italian Italian
    • German German
    • Korean Korean
    • Japanese Japanese
    • Chinese Chinese
    • Russian Russian
    • Thai Thai
    • Polish Polish
    • Turkish Turkish
    • Indonesian Indonesian
    • Hindi Hindi
    • Arabic Arabic
    • Swedish Swedish
    • Dutch Dutch
No result
See all results
MasterTrend News
No result
See all results
Start Security

s1ngularity leak: 2,180 accounts and 7,200 repos.

MasterTrend Insights by MasterTrend Insights
September 6, 2025
in Security
Reading time:Lectura de 4 minutos
TO TO
0
s1ngularity leak - GitHub logo on a red background; security alert for the s1ngularity leak affecting GitHub and NPM, putting developer repositories at risk.

s1ngularity leak: GitHub and NPM affected. Cyberattack could compromise repositories and packages; revoke tokens, verify commits, and update dependencies with 2FA to protect your projects.

2
SHARED
5
Views
Share on FacebookShare on Twitter

Contents

  1. S1ngularity leak: GitHub and NPM affected 🚨
  2. The Nx Supply Chain Attack ⚠️🚀
    1. Compromise vector and incident date 📅
    2. How telemetry.js malware works 🕵️‍♂️
  3. Impact range: damage radius and phases 📈🔥
  4. Nx Project Response and Mitigation 🔧✅
    1. Quick tips and key points ✏️
    2. Defining Snippets and FAQs ✨
    3. Related Posts

S1ngularity leak: GitHub and NPM affected 🚨

GitHub — illustration related to token and secret leak

Recent investigations into the supply chain attack dubbed "s1ngularity" against Nx reveal a massive credential leak: thousands of account tokens and repository secrets were exposed, with repercussions across multiple phases of the incident. A post-incident report from Wiz documents the scope and provides insight into how the exfiltration evolved and its impact. 🚨📊

According to the assessment published by Wiz researchers, the breach resulted in the exposure of 2,180 accounts and 7,200 repositories in three distinct phases, with many secrets still valid and risk of continued damageThe white paper provides details on the timeline, the attacker's techniques, and the nature of the leaked secrets. 🔍📈

The Nx Supply Chain Attack ⚠️🚀

Nx is an open-source, single-repository build and management system widely used in enterprise-scale JavaScript/TypeScript ecosystems. With millions of weekly downloads on the NPM registry, a compromised package has a far-reaching impact on numerous integrations and development pipelines. ⚙️

Compromise vector and incident date 📅

On August 26, 2025, the attacker exploited a vulnerable GitHub Actions workflow in the Nx repository to publish a malicious version of the package to NPM. The package included a malicious post-install script named "telemetry.js" that acted as credential-extractor malware on affected systems. 🔥

How telemetry.js malware works 🕵️‍♂️

The telemetry.js malware acted as a credential stealer on Linux and macOS, attempting to steal GitHub tokens, npm tokens, SSH keys, .env files, cryptocurrency wallets, and other secrets, then uploading them to public GitHub repositories named "s1ngularity-repository." This pattern allowed the attacker to centralize and expose the stolen information. 🔐

Prompt LLM used to find and steal credentials and secrets
Prompt LLM to find and exfiltrate credentials and other secrets
Source: Wiz

The attacker also integrated command-line tools for AI platforms (e.g., Claude, Q, and Gemini) to automate search and harvesting using targeted prompts. Wiz documents how the prompt evolved during the attack, optimizing extraction and circumventing model rejections for certain instructions, reflecting the actor's active attunement to LLM techniques. ✨💡

Impact range: damage radius and phases 📈🔥

The incident unfolded in three phases. In the first, between August 26 and 27, compromised versions of Nx directly affected 1,700 users and leaked more than 2,000 unique secrets, in addition to exposing around 20,000 files from infected systems. GitHub intervened, but much of the data had already been duplicated.

  • 🔹 Phase 1 (August 26–27): 1,700 users affected, ~2,000 leaked secrets, 20,000 compromised files.
  • 🔸 Phase 2 (August 28–29): Using leaked tokens to convert private repositories to public ones; 480 additional accounts compromised and 6,700 repositories exposed.
  • 🔹 Phase 3 (from August 31): attack targeting a victim organization using accounts compromised to publish 500 more private repositories.

During the second phase, the attackers used stolen GitHub tokens to make private repositories public and rename them with the string 's1ngularity,' amplifying the exposure. In the third phase, a specific target was exploited to publish hundreds of additional private repositories, demonstrating the attacker's persistence and escalation. 🎯

Overview of the attack and its impact
Visual summary of the s1ngularity attack
Source: Wiz

Nx Project Response and Mitigation 🔧✅

The Nx team published a root cause analysis on GitHub explaining how an injection in the title of a pull request combined with insecure use of pull_request_target allowed arbitrary code to be executed with elevated permissions, triggering the publishing pipeline and facilitating the exfiltration of the npm publishing token. 🛠️

The actions implemented included removing malicious packages, revoking and rotating compromised tokens, and mandating two-factor authentication for all publisher accounts. Additionally, Nx adopted NPM's Trusted Publisher model and added manual approval for PR-triggered workflows. 🔐📌

Quick tips and key points ✏️

  • ✅ Review and rotate tokens and secrets immediately if compromise is suspected.
  • 📌 Avoid unsafe use of pull_request_target and enforce manual approvals on sensitive flows.
  • 🔧 Implement multi-factor authentication and trusted publishing models like Trusted Publisher.
  • ⚡ Monitor public repositories and perform automated secret searches for early detection.

Defining Snippets and FAQs ✨

What is telemetry.js?

telemetry.js is the name of the malicious post-install script included in the compromised version of the Nx package; it acted as a credential stealer on Linux and macOS systems to harvest and exfiltrate secrets to public repositories controlled by the attacker. 🔍

How many accounts and repositories were affected?

According to Wiz's report, the attack exposed 2,180 accounts and 7,200 repositories throughout the three documented phases of the incident, with many secrets still valid and a risk of continued impact. 📊


Picus Blue Report 2025 — cover

461 TP3T environments had compromised passwords, nearly double the 251 TP3T the previous year. Get the Picus Blue Report 2025 for a complete analysis of data exfiltration prevention, detection, and trends. 📈

The report provides metrics, recommendations, and case studies to strengthen defenses and improve response to secret leaks.

Share this:
FacebookLinkedInPinterestXRedditTumblrBlueskyThreadsShare

Related Articles:

  • Armored RDP: Discover the 10 Essential Steps!
    Armored RDP: Discover the 10 Essential Steps! 🚀
    Armored RDP: Follow our ultra-comprehensive 10-step checklist to secure your RDP in 2025 🔒✨ Protect your system now!
  • Dotfiles on GitHub Manage Linux easily and quickly!
    Dotfiles on GitHub: Manage Linux quickly and easily! 🚀💻
    Dotfiles on GitHub save you time and ensure secure backups. Control your Linux with a single click! 💻🔄⚡
  • AGI 5 urgent risks you should know about now
    AGI: The technological revolution that will change your life 🌐🚀
    AGI: The artificial intelligence that seemed like fiction is here. Find out what it means for you. 🤖🌟
  • Password managers
    Password Managers 🚀: The Key to Avoiding…
    Password managers 🔑 are the solution for creating and saving secure passwords effortlessly. Prevent theft with these apps!…
  • AI and Automation Agents Multiply your productivity x5
    AI Agents and Automation: Save Time and…
    AI and automation agents are revolutionizing processes, reducing tasks, and accelerating results for smart businesses.
  • Intel and AMD CPU Equivalents
    Intel and AMD CPU Equivalents
    Looking for Intel and AMD processor equivalents? Find everything you need to know in our dedicated guide. Learn more now!

Related Posts

  • Event ID 1001 Error: Easy fix now! ⚡
  • AI Privacy: Disable Gemini and Copilot in 1 click 🔒
  • AI Agents: How They're Transforming Your Business Today 💡⚡
  • Microsoft Majorana 1: Revolutionizing quantum computing! 🚀
  • ChatBIT: The New Frontier of Chinese Military AI
  • 🔥 Hot Raspberry Pi: Avoid Damage With This Trick ⚠️
  • Install Windows 11 Home without Internet
  • Windows 11 Backup: Avoid Losses Now! ⚠️✨
Tags: CybersecurityEvergreen ContentMalware
Previous Post

Graphics driver optimization: +40 % FPS with a single update.

Next publication

How to detect what's slowing down Windows on your PC: Check now.

MasterTrend Insights

MasterTrend Insights

Our editorial team shares in-depth reviews, tutorials, and recommendations to help you get the most out of your digital devices and tools.

Next publication
How to Detect What's Slowing Down Windows on Your PC - Woman using a laptop with a warning sign, researching how to detect what's slowing down Windows on her PC to fix the slowness and optimize performance.

How to detect what's slowing down Windows on your PC: Check now.

5 1 vote
Article Rating
Subscribe
Access
Notify of
guest
guest
0 Comments
Oldest
Newest Most voted
Online Comments
See all comments

Stay Connected

  • 976 Fans
  • 118 Followers
  • 1.4k Followers
  • 1.8k Subscribers

Don't miss the latest in technology and gaming.
Exclusive tips, how-to guides, and analysis every day.

Subscription Form
  • Tendencies
  • Comments
  • Last
How to add a clock to the Windows 11 desktop: 3 surefire tricks!

How to add a clock to your Windows 11 desktop: Get more done in minutes! ⏱️

May 1, 2025
12 Best Alternatives to Lucky Patcher for Android

Lucky Patcher Alternatives: 12 Better and Easy Apps! 🎮⚡

May 12, 2025
How to save game in REPO

How to save your game in REPO 🔥 Discover the secret to not losing progress

July 7, 2025
How to use AdGuard DNS on Android in 2024

How to use AdGuard DNS on Android in 2025

February 11, 2025
Gmail Features on Android: Save Time with 5 Tips

Gmail Features on Android: 5 Tricks You Didn't Know About! 📱✨

12
Motherboard repair - Repair Motherboards

Notebook Motherboard Repair

10
Install Windows 11 Home without Internet

Install Windows 11 Home without Internet

10
How to Back Up Drivers in Windows 11/10 in 4 Steps!

How to Back Up Drivers in Windows 11/10: Avoid Errors! 🚨💾

10
iPhone Color Filters - Woman holding an iPhone showing Settings > Accessibility with color filters turned on (grayscale, red/green, blue/yellow).

iPhone Color Filters: 3 Steps to Better Reading Now 📱✨

September 7, 2025
Switch 2 vs Switch 1 - Person holding a white Nintendo Switch 2 handheld with the logo on screen, illustrating a Switch 2 vs Switch 1 design comparison.

Switch 2 vs Switch 1: +FPS and 120Hz screen.

September 6, 2025
Oblivion Goblin Wars: Aggressive goblin in a dark cave, screaming and attacking with a spear among stalagmites, chains and bars.

Oblivion Goblin Wars: Steal a Totem, Cause Chaos 💥⏳

September 6, 2025
How to Detect What's Slowing Down Windows on Your PC - Woman using a laptop with a warning sign, researching how to detect what's slowing down Windows on her PC to fix the slowness and optimize performance.

How to detect what's slowing down Windows on your PC: Check now.

September 6, 2025

Recent News

iPhone Color Filters - Woman holding an iPhone showing Settings > Accessibility with color filters turned on (grayscale, red/green, blue/yellow).

iPhone Color Filters: 3 Steps to Better Reading Now 📱✨

September 7, 2025
0
Switch 2 vs Switch 1 - Person holding a white Nintendo Switch 2 handheld with the logo on screen, illustrating a Switch 2 vs Switch 1 design comparison.

Switch 2 vs Switch 1: +FPS and 120Hz screen.

September 6, 2025
5
Oblivion Goblin Wars: Aggressive goblin in a dark cave, screaming and attacking with a spear among stalagmites, chains and bars.

Oblivion Goblin Wars: Steal a Totem, Cause Chaos 💥⏳

September 6, 2025
4
How to Detect What's Slowing Down Windows on Your PC - Woman using a laptop with a warning sign, researching how to detect what's slowing down Windows on her PC to fix the slowness and optimize performance.

How to detect what's slowing down Windows on your PC: Check now.

September 6, 2025
5
MasterTrend News logo

MasterTrend Info is your go-to source for technology: discover news, tutorials, and analysis on hardware, software, gaming, mobile devices, and artificial intelligence. Subscribe to our newsletter and don't miss any trends.

Follow us

Browse by Category

  • Gaming
  • Hardware
  • AI
  • Mobiles
  • News
  • Networks
  • Security
  • Software
  • Tutorials
  • Windows

Recent News

iPhone Color Filters - Woman holding an iPhone showing Settings > Accessibility with color filters turned on (grayscale, red/green, blue/yellow).

iPhone Color Filters: 3 Steps to Better Reading Now 📱✨

September 7, 2025
Switch 2 vs Switch 1 - Person holding a white Nintendo Switch 2 handheld with the logo on screen, illustrating a Switch 2 vs Switch 1 design comparison.

Switch 2 vs Switch 1: +FPS and 120Hz screen.

September 6, 2025
  • About Us
  • Announce
  • Privacy Policy
  • Contact us

Copyright © 2025 https://mastertrend.info/ - All rights reserved. All trademarks are property of their respective owners.

Spanish Spanish
Spanish Spanish
English English
Portuguese Portuguese
French French
Italian Italian
Russian Russian
German German
Chinese Chinese
Korean Korean
Japanese Japanese
Thai Thai
Hindi Hindi
Arabic Arabic
Turkish Turkish
Polish Polish
Indonesian Indonesian
Dutch Dutch
Swedish Swedish
No result
See all results
  • English English
    • Spanish Spanish
    • Portuguese Portuguese
    • French French
    • Italian Italian
    • German German
    • Korean Korean
    • Japanese Japanese
    • Chinese Chinese
    • Russian Russian
    • Polish Polish
    • Indonesian Indonesian
    • Turkish Turkish
    • Hindi Hindi
    • Thai Thai
    • Arabic Arabic
    • Swedish Swedish
    • Dutch Dutch
  • Gaming
  • Hardware
  • AI
  • Mobiles
  • News
  • Networks
  • Security
  • Software
  • Tutorials
  • Windows

Copyright © 2025 https://mastertrend.info/ - All rights reserved. All trademarks are property of their respective owners.

Comment Author Info
:wpds_smile::wpds_grin::wpds_wink::wpds_mrgreen::wpds_neutral::wpds_twisted::wpds_arrow::wpds_shock::wpds_unamused::wpds_cool::wpds_evil::wpds_oops::wpds_razz::wpds_roll::wpds_cry::wpds_eek::wpds_lol::wpds_mad::wpds_sad::wpds_exclamation::wpds_question::wpds_idea::wpds_hmm::wpds_beg::wpds_whew::wpds_chuckle::wpds_silly::wpds_envy::wpds_shutmouth:
wpDiscuz
RedditBlueskyXMastodonHacker News
Share this:
MastodonVKWhatsAppTelegramSMSHacker NewsLineMessenger
Your Mastodon Instance