Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack - SecurityWeek
Hackers exploited a vulnerable workflow in the Nx build system to achieve code injection and GITHUB_TOKEN theft, enabling the publication of malicious package versions. These malicious packages deployed a post-install script that exfiltrated thousands of sensitive credentials and notably weaponized AI assistants like Claude and Gemini for reconnaissance and data exfiltration.