Sign in Create account

#s1ngularity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #s1ngularity, aggregated by home.social.

Johannes Schnatterer @[email protected] · 2025-09-18 · 16:45 UTC

TLDR recent #npm supply chain attacks
🗓️ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity
HackerNews: https://news.ycombinator.com/item?id=45034496
GHSA-cxm3-wv7p-598c: https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
🗓️ 8 Sep: #chalk, #debugjs and other packages by maintainer #qix (junon) compromised. They handled this very transparently 👍️
See
HackerNews: https://news.ycombinator.com/item?id=45169794
CVE-2025-59144: https://github.com/advisories/GHSA-4x49-vf9v-38px

#npm #nx #s1ngularity #chalk #qix #debugjs
Pyrzout :vm: @[email protected] · 2025-09-09 · 10:00 UTC

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack – Source: www.securityweek.com https://ciso2ciso.com/over-6700-private-repositories-made-public-in-nx-supply-chain-attack-source-www-securityweek-com/ #rssfeedpostgeneratorecho #SupplyChainSecurity #CyberSecurityNews #securityweekcom #secretssprawl #securityweek #S1ngularity #supplychain #GitHub

#rssfeedpostgeneratorecho #supplychainsecurity #cybersecuritynews #securityweekcom #secretssprawl #securityweek