All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Nx Build Kit Security Breach: Malware Steals Wallets and Credentials via GitHub Repositories

By

neuroo

9mo ago· 4 min readenNews
Bagel score 85 of 100
85/100
Golden Brown
Bagelometer

Crackling crust, pillowy middle. The kind of bagel that earns a second cup of coffee.

Score85TypenewsSentimentnegative

Summary

A security breach has been discovered in the popular Nx build kit where malicious post-install commands create unauthorized repositories named 's1ngularity-repository' in GitHub accounts. The malware steals sensitive information including cryptocurrency wallets, API keys, .npmrc files, and environment variables, then stores them in a results.b64 file. The attack leverages AI CLI tools like Claude Code CLI or Gemini CLI to offload fingerprintable code through prompts, making detection more difficult. At least 1,400 users have been affected by this ongoing security incident.

Key quotes

· 4 pulled
At least 1.4k people are learning today that they have a new repository prefixed by s1ngularity-repository in their GitHub account
This repository was created by a malicious post-install command discovered in the popular nx build kit
That malware steals wallets and API keys (.npmrc, env variables, etc.) and pushes them in that repository in the results.b64 file
The malware checks for the presence of Claude Code CLI or Gemini CLI on the system to offload much of the fingerprintable code to a prompt
Snippet from the RSS feed
What is s1ngularity-repository? Nx is compromised and the malware steals wallets and API keys using Claude CLI or Gemini.

You might also wanna read

AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator

A malicious npm package named mouse5212-super-formatter, identified by OX Security, was caught leaking its own hardcoded GitHub token. This

infosecurity-magazine.com·2d ago

npm malware targeting Claude users leaks own GitHub token, reaches 676 downloads

An npm package called "mouse5212-super-formatter" targeting Claude users acted as information-stealing malware, reaching 676 downloads befor

theregister.com·2d ago

Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware

Microsoft has identified an active supply chain attack targeting the @antv npm package ecosystem. A threat actor compromised an @antv mainta

microsoft.com·1d ago

Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages

Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat

microsoft.com·3d ago

176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials

Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi

sonatype.com·3d ago

Glassworm Malware Campaign Targets Developers via npm, PyPI, OpenVSX, and GitHub

Glassworm is a dangerous malware campaign targeting software developers by abusing trusted platforms including npm, PyPI, OpenVSX, and GitHu

cybersecuritynews.com·5d ago