The Nx “s1ngularity” Attack: Inside the Credential Leak – Source: securityboulevard.com

This supply chain attack combines credential theft, environmental sabotage, and novel attack vectors, offering a glimpse into future threats. The malicious Nx packages systematically scanned infected systems for valuable credentials, including GitHub tokens, npm authentication keys, SSH private keys, environment variable API keys, and cryptocurrency wallet files. The scanning routines searched common file locations and environment variables, demonstrating a comprehensive approach to credential harvesting to facilitate lateral movement.

Once harvested, stolen credentials underwent a double-base64 encoding process before exfiltration to public GitHub repositories following a distinctive “s1ngularity-repository” naming pattern, each containing a single “results.b64” file with the encoded data. This encoding choice suggests an attempt to evade basic detection mechanisms while maintaining data integrity during the GitHub-based exfiltration process.

According to external research, the attackers also implemented destructive payloads that modified users’ shell startup files (~/.bashrc and ~/.zshrc) with shutdown commands, creating systems that would crash when new terminal sessions were opened.

One particularly novel element was the attempt to leverage LLM (Large Language Model) clients as vectors for enumerating secrets on victims’ machines. The attackers specifically targeted configuration files and authentication tokens related to popular AI CLI tools like Claude, Gemini, and Q, recognizing that these tools often require elevated permissions and access to sensitive development environments. 

GitGuardian’s Public Monitoring: What We Found

While most “s1ngularity-repository” exfiltration repos were rapidly deleted by GitHub, GitGuardian’s monitoring infrastructure provides unique visibility into these ephemeral artifacts. Because GitGuardian sees everything that happens on GitHub—including deleted files, and repositories—we were able to analyze the actual exfiltrated data, assess which secrets were exposed, and validate their status.

At the time of writing, our platform lists 1,346 repositories whose names contain the string “s1ngularity-repository”. GitHub, meanwhile, lists only about ten repositories. This indicates two interesting things: the repositories are being deleted, and developers are continuing to use the vulnerable package.

Out of these repositories, we detected that 1,079 of them contain at least a secret leaked between August 27, 2025 at 00:32:48 and August 27, 2025 at 15:36:57.

In total, this represents 2,349 distinct secrets. The most common types of credentials we found correspond to GitHub, NPM, AWS, and OpenAI. They all appear to be related to nx’s orchestration capabilities.

Half of these secrets were valid at the time of writing. The most numerous are GitHub OAuth App Keys. This result, surprising at first glance, is in fact linked to the functioning of nx, for which a GitHub application exists and facilitates interactions between NX Cloud and GitHub.

The fact that these secrets are still valid raises interesting questions on both the offensive and defensive sides.

First of all, it must be noted that exfiltration on GitHub is effective. At the height of the wave, nearly 1,400 repositories were publicly accessible via GitHub. It’s a safe bet that the attacker retrieved them all in time before they were deleted, not to mention opportunistic attackers who took an interest in this leak. Our initial investigations indicate that he is now in a position to attack large companies whose infrastructure secrets, such as Artifactory, are at his mercy.

On the defensive side, we can only note the obvious delay in revoking the leaked secrets. While most of these secrets are no longer publicly accessible, they remain valid. It is highly likely that developers are unaware of the leaked secrets and have therefore not revoked them.Although we know the names of the repositories that leaked secrets, it is likely that they will never be revoked or rotated. To go beyond this analysis, our teams are mobilized to attribute these secrets to companies in order to make responsible disclosure.

From s1ngularity to Reality

A critical challenge emerges when developers discover exposed secrets, they often delete the files or commits containing the credentials but fail to revoke the actual secrets. 

The Nx case is interesting because it shows unequivocally that simply deleting data is not enough. It is necessary to revoke the associated secrets. For a company, this means that it must now be able to inventory its secrets across all systems, automate rotation workflows at scale, and maintain comprehensive visibility into where credentials are used—not just where they’re stored. 

The ability to rapidly detect exposure, validate impact, and execute coordinated revocation across thousands of non-human identities has become the new baseline for resilient software delivery in an era where supply chain attacks can weaponize leaked credentials within hours of discovery.

*** This is a Security Bloggers Network syndicated blog from GitGuardian Blog – Take Control of Your Secrets Security authored by Guillaume Valadon. Read the original post at: https://blog.gitguardian.com/the-nx-s1ngularity-attack-inside-the-credential-leak/