In late August 2025, the open-source software ecosystem was rocked by a sophisticated two-phase supply chain attack, now known as “s1ngularity.” The incident began when attackers exploited a flaw in GitHub Actions workflows for the Nx repository, stealing an NPM publishing token and using it to release malicious versions of Nx packages. These packages carried a hidden malware script—telemetry.js—that targeted developer machines, searching for GitHub tokens, NPM tokens, API keys, SSH keys, crypto wallets, and .env files, then uploading the stolen secrets into public GitHub repositories labeled s1ngularity-repository.
The breach didn’t stop there. In Phase 2, the attackers used the compromised credentials to infiltrate hundreds of GitHub accounts, flipping over 6,700 private repositories to public, exposing sensitive intellectual property, AI service credentials, and cloud platform secrets. In some cases, they even modified shell startup files to crash developer systems. Most alarming of all, this attack marked the first documented weaponization of AI coding assistants—including Claude, Gemini, and Amazon Q—as automated data-harvesting tools. The attackers issued detailed prompts through AI CLIs, instructing them to search recursively for sensitive data, effectively turning trusted developer AI tools into accomplices.
While many compromised GitHub tokens have since been revoked, a worrying percentage of stolen NPM tokens remain valid, extending the potential blast radius. The s1ngularity incident underscores the growing risks in today’s software supply chain, where open-source dependencies, developer machines, CI/CD pipelines, and AI assistants all create new points of vulnerability.
This episode unpacks how the attack unfolded, why it’s being called a watershed moment in AI-driven cybercrime, and what organizations must do to defend against similar threats. From secret management and secure pipelines to AI usage policies and SBOM adoption, we explore the urgent measures needed to secure the future of software development against the next evolution of supply chain attacks.
#s1ngularity #SupplyChainAttack #Nx #NPM #GitHub #AIExfiltration #Claude #Gemini #Cybersecurity #OpenSourceSecurity #SecretsManagement #CI_CD #SoftwareSupplyChain #DevSecOps
