this post was submitted on 16 Sep 2025

65 points (100.0% liked)

Technology

77873 readers

3090 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

S1ngularity/nx attackers strike again (www.aikido.dev)

submitted 3 months ago by Brkdncr@lemmy.world to c/technology@lemmy.world

12 comments fedilink hide all child comments

This morning, we were alerted to a large-scale attack against npm. This appears to the be work of the same threat actors behind the Nx attack on August 27th 2025. This was originally published by Socket and StepSecurity who noted 40 packages had been comrpomised, since then an additional 147 packages have been infected with malware including packages from CrowdStrike.

The scale, scope and impact of this attack is significant. The attackers are using the same playbook in large parts as the original attack, but have stepped up their game. They have turned it into a full worm, which does these things automatically:

Steal secrets and publish them to GitHub publicly

Run trufflehog and query Cloud metadata endpoints to gather secrets

Attempt to create a new GitHub action with a data exiltration mechanism through webhook[.]site

Iterate the repositories on GitHub a user has access to, and make them public

Since our initial alert this morning we’ve confirmed the following additional behaviours and important details. For those that don't know, Shai Hulud is the name for the worm in the Dune franchise. A clear indication of the intent of the attackers.

all 16 comments

sorted by: hot top controversial new old

[–] SomethingBurger@jlai.lu 12 points 3 months ago

"No way to prevent this", says only package manager to which this regularly happens

[–] fxdave@lemmy.ml 11 points 3 months ago* (last edited 3 months ago) (2 children)

Keep your secrets:

alias npm="docker run -it --rm -v $(pwd):/app -w /app node:latest npm"

Not enough, but better than nothing.

[–] panda_abyss@lemmy.ca 4 points 3 months ago* (last edited 3 months ago) (2 children)

I thought I was crazy for doing this, but it’s good to know I’m not the only one.

This won’t protect your .env files though, right?

ETA: I’m surprised BSD jails haven’t gained more ground — at this point I’m running a ton of containers.

[–] socphoenix@midwest.social 2 points 3 months ago* (last edited 3 months ago)

I use bsd containers for everything but home assistant on my home server and love them! The downside for most people at the moment is having to set them up manually. I can export the thin jail and move the archive across computers as backups and the fine tuned control is beautiful. FreeBSD offers a way to check for security vulnerabilities in installed packages (pkg audit -F) that I run as a cron job and email myself daily to check for needed updates.

Problem is most people want a single docker install and it’s all set up, not something that needs manual configuration. Bastille has templates that can do this for bsd jails but there’s not a lot of services with templates.

Edit: also frustrating is a lot of new apps for home servers only offer a docker install so installing from source becomes a huge pita and makes bsd jails harder to use (looking at you gramps-web specifically).

[–] fxdave@lemmy.ml 2 points 3 months ago

This won’t protect your .env files though, right?

Right, but my machine is safe at least.

[–] voronaam@lemmy.world 1 points 3 months ago (1 children)

Good idea. I wonder if nx and pnpm could be ran like that as well

[–] fxdave@lemmy.ml 1 points 3 months ago* (last edited 3 months ago)

It's possible. For pnpm package cache you need to attach another volume, and another for globally installed packages.

[–] Brkdncr@lemmy.world 11 points 3 months ago

This is probably the biggest hack of the year. As of the writing it had infected 140+ packages including some from big names like CrowdStrike. npm is in a LOT of things, and this thing is a true worm.

[+] A_A@lemmy.world -15 points 3 months ago* (last edited 3 months ago) (2 children)

[removed by mod]

[–] lennivelkant@discuss.tchncs.de 2 points 3 months ago (1 children)

Why do you tell us that?

[+] A_A@lemmy.world 1 points 3 months ago (1 children)

[removed by mod]

[–] lennivelkant@discuss.tchncs.de 1 points 3 months ago* (last edited 3 months ago)

Easy there, you're making a bunch of assumptions and accusations here. For starters, I do understand how spoilers work, I read the spoilers and I don't think it adds a lot of value to the conversation.

I'm technically from a CS background, but not in the field relevant to this post. I also don't think people assume this topic to be basic. I happen to understand about 80% of it, but only ever have contact with about 20%, and that's despite working in a CS-related field myself. And yes, I'll keep using that abbreviation, because it's convenient and I know that you understand it.

The short answer to "how does this affect me?" is "if you don't know what npm is it, it doesn't affect you".

The intention of the blog article and the post sharing it is to get a specific warning out to a specific technical group. This group doesn't want to scroll past three paragraphs of context they already know to get to the parts that matter. They can't cater to every audience, so they prioritise the people that can do something with their understanding.

Unfortunately, that means that other people are left out of the conversation, because frankly, they have nothing to contribute. That's neither malice nor arrogance, but simply expediency.

However, you're welcome to ask! Chances are, someone will be happy to answer and fill you in on the background. More specifically, someone may be able to give a subject-specific explanation. Most importantly, that explanation will be more reliable if it comes from a human familiar with the topic.

Chatbots, no matter how diligently made to look like they know stuff, don't and can't know anything except the likelihood certain words occur together. They don't have the required structure to understand the concepts behind the words. At best, they have memorised hundreds of generic explanations they can reconstruct, and hopefully that reconstruction will be accurate. But how would you know? You yourself don't have the expertise to tell if they're right.

And because they don't understand the concepts, they also can't reliably connect the dots the way a human can. The more dots to connect, the greater the chance something will go awry. The bot can't tell you "I don't know" if it doesn't understand what it means to know. It will generate a text that looks plausible, and you can't verify whether it's actually true.

In the interest of actually getting a useful understanding, ask humans. The answer might look something like this:

NPM packages are boxes of highly specialised supplies and tools. NPM itself is an assistant that keeps your supplies stocked and your tools in shape. You tell it what you want for your project and it'll make sure you have it.

The thing this post is about is a kind of evil robot that hides in these boxes. When your friendly NPM helper restocks, the robot crawls out of the box and starts exploring your workshop. It tells others what you're building, what it looks like, shares any secret technology you're using, creates and sends out copies of your keys – anything you've got lying around, it will attempt to make available for the people that built it.

The worst thing is that it'll build copies of itself and hide them in any boxes you create and send out to other people. If one supplier ships to five others, that's five more recipients under attack. If two of them also ship out to five other people each, that's another ten. And it gets bigger and bigger from here.

So there we have it: An evil robot stealing your secrets and sending clones to anyone who trusts your product.

We realise we're not mundane. We just don't have the time to explain everything all the time. That's a problem all sciences (and many other disciplines) face: When you're working in a deep well, you can't come up to the surface after every step of your work or you'll never get anything done.

For CS, it's probably more visible because the field is fairly young, rapidly changing, pretty large and the "basics" aren't taught anywhere near as much as those of other, more well-established sciences.

But if you ask, there's a chance someone is available to help you out. Be friendly, and they're more likely to be friendly back.

I understand you care about making knowledge accessible and I applaud that. I acknowledge that CS has a long way to go still on that front. Let's work on it together, shall we?

Kind regards, LVK