{"id":67581,"date":"2025-09-06T19:54:30","date_gmt":"2025-09-06T22:54:30","guid":{"rendered":"https:\/\/mastertrend.info\/?p=67581"},"modified":"2026-01-21T01:05:13","modified_gmt":"2026-01-21T04:05:13","slug":"tekillik-filtrelemesi","status":"publish","type":"post","link":"https:\/\/mastertrend.info\/tr\/filtracion-s1ngularity\/","title":{"rendered":"S1ngularity filtreleme: 2.180 hesap ve 7.200 depo."},"content":{"rendered":"

S1ngularity s\u0131z\u0131nt\u0131s\u0131: GitHub ve NPM etkilendi \ud83d\udea8<\/h2>\n
\n

\"GitHub<\/p>\n

Nx'e y\u00f6nelik "s1ngularity" ad\u0131 verilen tedarik zinciri sald\u0131r\u0131s\u0131na y\u00f6nelik son ara\u015ft\u0131rmalar, b\u00fcy\u00fck bir kimlik bilgisi s\u0131z\u0131nt\u0131s\u0131n\u0131 ortaya \u00e7\u0131kard\u0131: binlerce hesap token'\u0131 ve depo s\u0131rr\u0131 if\u015fa oldu ve olay\u0131n bir\u00e7ok a\u015famas\u0131na yans\u0131d\u0131. Wiz'in olay sonras\u0131 raporu, kapsam\u0131n\u0131 belgeliyor ve s\u0131z\u0131nt\u0131n\u0131n nas\u0131l geli\u015fti\u011fine ve etkisine dair bilgiler sunuyor. \ud83d\udea8\ud83d\udcca<\/p>\n

Wiz ara\u015ft\u0131rmac\u0131lar\u0131 taraf\u0131ndan yay\u0131nlanan de\u011ferlendirmeye g\u00f6re, ihlal \u00fc\u00e7 ayr\u0131 a\u015famada 2.180 hesab\u0131n ve 7.200 depolama alan\u0131n\u0131n a\u00e7\u0131\u011fa \u00e7\u0131kmas\u0131na neden oldu ve bir\u00e7ok s\u0131r hala ge\u00e7erlili\u011fini koruyor. devam eden hasar riski<\/a>Beyaz b\u00fcltende zaman \u00e7izelgesi, sald\u0131rgan\u0131n teknikleri ve s\u0131zd\u0131r\u0131lan s\u0131rlar\u0131n niteli\u011fi hakk\u0131nda ayr\u0131nt\u0131lar yer al\u0131yor. \ud83d\udd0d\ud83d\udcc8<\/p>\n

Nx Tedarik Zinciri Sald\u0131r\u0131s\u0131 \u26a0\ufe0f\ud83d\ude80<\/h2>\n

Nx, kurumsal \u00f6l\u00e7ekli JavaScript\/TypeScript ekosistemlerinde yayg\u0131n olarak kullan\u0131lan, a\u00e7\u0131k kaynakl\u0131, tek depolu bir derleme ve y\u00f6netim sistemidir. NPM kay\u0131t defterinde haftal\u0131k milyonlarca indirmeyle, tehlikeye at\u0131lm\u0131\u015f bir paketin \u00e7ok say\u0131da entegrasyon ve geli\u015ftirme s\u00fcreci \u00fczerinde geni\u015f kapsaml\u0131 bir etkisi vard\u0131r. \u2699\ufe0f<\/p>\n

Uzla\u015fma vekt\u00f6r\u00fc ve olay tarihi \ud83d\udcc5<\/h3>\n

El 26 de agosto de 2025, el actor malicioso explot\u00f3 un flujo de trabajo de GitHub Actions vulnerable en el repositorio de Nx para publicar una versi\u00f3n maliciosa del paquete en NPM. El paquete inclu\u00eda un script post-install malicioso llamado \u00abtelemetry.js\u00bb que actu\u00f3 como k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m<\/a> extractor de credenciales en los sistemas afectados. \ud83d\udd25<\/p>\n

Telemetry.js k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 nas\u0131l \u00e7al\u0131\u015f\u0131r \ud83d\udd75\ufe0f\u200d\u2642\ufe0f<\/h3>\n

Telemetry.js k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131, Linux ve macOS'ta kimlik bilgisi h\u0131rs\u0131z\u0131 gibi davranarak GitHub token'lar\u0131n\u0131, npm token'lar\u0131n\u0131, SSH anahtarlar\u0131n\u0131, .env dosyalar\u0131n\u0131, kripto para c\u00fczdanlar\u0131n\u0131 ve di\u011fer gizli bilgileri \u00e7almaya ve ard\u0131ndan bunlar\u0131 "s1ngularity-repository" adl\u0131 genel GitHub depolar\u0131na y\u00fcklemeye \u00e7al\u0131\u015ft\u0131. Bu model, sald\u0131rgan\u0131n \u00e7al\u0131nan bilgileri merkezile\u015ftirip if\u015fa etmesine olanak sa\u011flad\u0131. \ud83d\udd10<\/p>\n

\n
\"Kimlik
LLM'de kimlik bilgilerini ve di\u011fer s\u0131rlar\u0131 bulup s\u0131zd\u0131rmak<\/strong>
\nKaynak: Wiz<\/em><\/figcaption><\/figure>\n<\/div>\n

Sald\u0131rgan ayr\u0131ca, hedefli komut istemlerini kullanarak arama ve veri toplamay\u0131 otomatikle\u015ftirmek i\u00e7in yapay zeka platformlar\u0131 (\u00f6rne\u011fin Claude, Q ve Gemini) i\u00e7in komut sat\u0131r\u0131 ara\u00e7lar\u0131n\u0131 da entegre etti. Wiz, komut isteminin sald\u0131r\u0131 s\u0131ras\u0131nda nas\u0131l geli\u015fti\u011fini, belirli talimatlar i\u00e7in veri \u00e7\u0131karmay\u0131 nas\u0131l optimize etti\u011fini ve model retlerini nas\u0131l a\u015ft\u0131\u011f\u0131n\u0131 belgeliyor ve sald\u0131rgan\u0131n LLM tekniklerine aktif uyumunu yans\u0131t\u0131yor. \u2728\ud83d\udca1<\/p>\n

Etki menzili: hasar yar\u0131\u00e7ap\u0131 ve a\u015famalar\u0131 \ud83d\udcc8\ud83d\udd25<\/h2>\n

Olay \u00fc\u00e7 a\u015famada ger\u00e7ekle\u015fti. \u0130lk a\u015famada, 26-27 A\u011fustos tarihleri aras\u0131nda, Nx'in ele ge\u00e7irilmi\u015f s\u00fcr\u00fcmleri 1.700 kullan\u0131c\u0131y\u0131 do\u011frudan etkiledi ve 2.000'den fazla benzersiz s\u0131rr\u0131n s\u0131zd\u0131r\u0131lmas\u0131na neden oldu; ayr\u0131ca, enfekte olmu\u015f sistemlerden yakla\u015f\u0131k 20.000 dosya if\u015fa edildi. GitHub m\u00fcdahale etti, ancak verilerin \u00e7o\u011fu zaten kopyalanm\u0131\u015ft\u0131.<\/p>\n