Nx supply-chain developer secret leak via public GitHub repositories

Data Leak
Happening score
H score 26
1 unique source, 1 article

Summary

A supply-chain secret leak exposed more than 1,000 JavaScript developers after stolen data was published into public GitHub repositories, putting GitHub tokens, npm tokens, and other credentials at immediate risk. The exposure window ran overnight on Aug. 26 into Aug. 27, 2025 and affected roughly 20,000 files. Public publication of the stolen material creates a long tail of credential-abuse and account-takeover risk.

Related Happenings

TeamPCP supply-chain credential-exploitation campaign

Campaign
First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: The **TeamPCP** campaign now includes a confirmed **GitHub** compromise tied to a poisoned **Nx Console VS Code extension**. GitHub said the breach of its internal repositories ca...

Latest development: 12.05.2026 01:03

TeamPCP compromised the Checkmarx Jenkins AST plugin by publishing a rogue version to repo.jenkins-ci.org on May 9, 2026, outside the official release pipeline. The malicious upload was tied to access to Checkmarx GitHub repositories and was used to deliver credential-stealing malware and malicious code to the affected organization.

Trivy environment credentials leak

Data Leak
First: 21.03.2026 19:30 Last: 21.03.2026 19:30 Sources 1

About this happening: The **Trivy** environment credentials leak exposed stolen authentication secrets and helped enable a later compromise, raising the risk of follow-on abuse. The credentials came fr...

Moltbook Supabase database exposure

Data Leak
First: 08.02.2026 09:32 Last: 08.02.2026 09:32 Sources 1

About this happening: A **misconfigured Supabase database** exposed **Moltbook** data, putting **API authentication tokens**, **email addresses**, and **private messages** at risk of unauthorized acces...

Shai-Hulud secrets leak on GitHub

Data Leak
First: 24.11.2025 16:32 Last: 24.11.2025 16:32 Sources 1

About this happening: The **Shai-Hulud** supply-chain malware leak exposed **developer and CI/CD secrets** on **GitHub**, creating immediate reuse risk for credentials taken from compromised developmen...

Widespread GitHub secrets exposure across Forbes AI 50 AI firms

Target Trend
First: 10.11.2025 18:45 Last: 10.11.2025 18:45 Sources 1

About this happening: A **Wiz** study found that **65%** of **50 Forbes AI 50 firms** had exposed verified secrets on **GitHub**, signaling a broad secrets-hygiene gap across leading private AI compani...

Timeline

  1. 28.08.2025 21:39 2 articles · 9mo ago

    Initial report: Nx supply-chain developer secret leak via public GitHub repositories

    Initial Disclosure

    Stolen developer secrets were published into **public GitHub repositories** during the initial exposure window, turning the compromise into an immediately visible data leak. The earliest exposed material included **GitHub tokens**, **npm tokens**, **SSH keys**, **application secrets**, and **cryptocurrency wallet files**.
