A novel npm supply chain attack used hidden prompts to instruct local AI CLI tools to find and exfiltrate credentials and crypto-wallet keys.
~1,400 users got hacked this way.

Supply Chain Security Alert: Popular Nx Build System Package Compromised with Data-Stealing Malware - StepSecurity
Nx package on npm hijacked to steal cryptocurrency wallets, GitHub/npm tokens, SSH keys, and environment secrets - and is the first documented case of malware weaponizing AI CLI tools for reconnaissance and data exfiltration.

(www.stepsecurity.io)

s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know | Wiz Blog
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.

wiz.io (www.wiz.io)

Nx npm Packages Compromised in Supply Chain Attack Weaponizi...
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malwa...

Socket (socket.dev)