David Vasandani boosted
AI6YR Ben
@ai6yr@m.ai6yr.org  ·  activity timestamp last month

BleepingComputer: AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/

#malware #github #nx #cybersecurity

David Gerard
@davidgerard@circumstances.run  ·  activity timestamp last month

Vibe-coded build system NX gets hacked, steals vibe-coders’ crypto

a clown car of clown cars that deploys another clown car, that explodes

AI coding in your supply chain is a red flag. If any of your upstream dependencies has a .cursor folder, they're frickin' morons, and you need to remove that dependency pronto. Friends don’t let friends run vibe code.

https://www.youtube.com/watch?v=vnFKkBBzpVg&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
https://pivottoai.libsyn.com/20250829-vibe-coded-build-system-nx-steals-vibe-coders-crypto - podcast
https://pivot-to-ai.com/2025/08/29/vibe-coded-build-system-nx-gets-hacked-steals-vibe-coders-crypto/ - text

man in green suit jacket, blue shirt and red tie with clown makeup and a round red nose, mouth held open in a grimace grin with clothes pegs, on a red background
Tane Piper ⁂
@tanepiper@tane.codes replied  ·  activity timestamp last month
@davidgerard @baldur a few years back I switched from #nx to moonrepo precisely because the NX developers seemed like a clown show - ignoring raised bugs, shipping fast and breaking things almost monthly.

This has absolutely not surprised me it happened with them

David Gerard boosted
⚯ Michel de Cryptadamus ⚯
@cryptadamist@universeodon.com  ·  activity timestamp last month

2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.

* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack

#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup #DPRK #hackers #hacking #ethereum #claude #gemini

David Gerard boosted
⚯ Michel de Cryptadamus ⚯
@cryptadamist@universeodon.com  ·  activity timestamp last month

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx #AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js #javascript #webdev #DPRK #LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini
