The NX S1ingularity Attack: Secrets in Plain Sight

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/20/69/48/20694887-9f9d-ff51-714f-501bb4159412/mza_8945796113236339360.jpg/600x600bb.jpg

Bad Dependencies Podcast

Mackenzie Jackson

8 episodes

5 days ago

Welcome to Bad Dependencies, the podcast where the digital supply chain gets audited in real-time. Hosted by security researchers Charlie Erikson and Mackenzie Jackson from Aikido Security, this bi-weekly show dives deep into the wildest, weirdest, and most dangerous malware found lurking in package registries like NPM and PyPI. From image-based payloads to AI-generated code noise, nothing is off-limits as Charlie and Mackenzie explore the bleeding edge of software supply chain attacks. Whether you’re a developer, security enthusiast, or just malware-curious, Bad Dependencies will open your ey

Technology

RSS

All content for Bad Dependencies Podcast is the property of Mackenzie Jackson and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43802306/43802306-1748868151508-47df53ea4807e.jpg

The NX S1ingularity Attack: Secrets in Plain Sight

Bad Dependencies Podcast

19 minutes 53 seconds

2 months ago

The NX S1ingularity Attack: Secrets in Plain Sight

Charlie Erkson and Mackenzie Jackson return with breaking news on one of the wildest supply chain compromises to date. The popular NX packages—with millions of weekly downloads—were hijacked, and attackers used an LLM-powered malware to crawl systems for secrets like GitHub and NPM tokens. Even stranger, instead of exfiltrating data to a private server, the stolen information was dumped into public GitHub repositories, exposing sensitive credentials for anyone to see.

In this episode of Bad Dependencies, the hosts unpack:

How the NX compromise happened and why it’s uniquely reckless.
The bizarre use of LLMs for system enumeration.
Why publishing secrets to public repos raises the stakes for everyone.
The remediation steps users must take if they were affected.
Broader implications for the future of software supply chain security.

Is this careless malware, or was the chaos intentional? Tune in for analysis, insights, and some grim humor as the hosts dissect a case study in just how bad things can get when package compromises go wrong.