AI News

Popular npm Package Hijacked in Novel AI Supply Chain Attack

Malicious versions of the 'Nx' developer tool weaponized local AI coding assistants to steal credentials and cryptocurrency wallets from developers.

Olivia Sharp
A sophisticated supply chain attack on August 29 hijacked the popular 'Nx' npm package, using malicious prompts to turn developers' own AI coding assistants into data-stealing agents.

A sophisticated supply chain attack discovered on August 29, 2025, demonstrated for the first time how malware can weaponize the local AI coding assistants used by software developers. The attack targeted 'Nx', a popular open-source build platform, turning trusted AI tools into autonomous agents for reconnaissance and data theft.

A New Frontier in Attacks

Security researchers at StepSecurity called the incident a "new frontier in supply chain attacks." According to their report, a threat actor published eight malicious versions of Nx components to the npm package repository on August 26 and 27. The malicious packages were live for approximately …
