Cybersecurity Today
Host: David Shipley
Episode: 1,000 Developers Compromised By NX Build System Breach
Date: September 2, 2025
Episode Overview
In this episode, David Shipley delves into a surge of alarming cybersecurity incidents impacting developers and major enterprises. He highlights risks introduced by AI-powered development, sophisticated attacks against software supply chains, MFA-related phishing campaigns by nation-state actors, and a wave of data breaches tied to compromised integrations. The focus: how attackers are weaponizing automation and AI — and what organizations must do to defend themselves.
Key Discussion Points and Insights
1. Mass Compromise via NX Build System Breach
- Incident Summary:
Over 1,000 developers found their GitHub accounts compromised after attackers hijacked the NX build system, obtaining an NPM publishing token and releasing malicious versions of NX packages and plugins.
- Malware Mechanics:
- Victims infected with a script called Telemetry JS.
- The script used AI tools (Claude Code, Gemini, Amazon Q) to scan for secrets on developer machines (GitHub/NPM tokens, SSH keys, app secrets, cryptocurrency wallets).
- Impact:
- Public GitHub repositories were created in victims' accounts (e.g., “Singularity-Repository”), leaking ~20,000 files.
- Shell startup files were sabotaged so terminals would crash on launch, hampering incident response.
- Though NPM and GitHub acted quickly, 90% of stolen tokens remained active.
- Key Quote:
"It started with a hijacking of the popular NX build system... Telemetry JS ... leveraged AI command line tools ... to scour local machines for high value secrets." — David Shipley [01:00]
2. AI Hallucinations Create New Attack Vectors
- New Research:
Large language models (e.g., Code Gemini, Claude) were found to frequently hallucinate package names in response to prompts:
- Commercial models: 5.2% hallucination rate
- Open-source models: 21.7%
- Over 205,000 fake package names generated in tests.
- Attack Method: Slop squatting — attackers pre-register these non-existent, AI-invented package names. Developers who trust AI suggestions can unwittingly download malware.
- Key Quote:
“In tests covering 1.15 million prompts, commercial models invented non-existent packages 5.2% of the time, and open source models did so a staggering 21.7% of the time.” — David Shipley [03:40]
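One way to gate AI-suggested package names before anything is installed, as an added example that is not from the episode: names already pinned in the lockfile pass, names that do not resolve are blocked as likely hallucinations, and recently registered names are blocked as possible slop squats. The package names, dates, the 90-day threshold and the in-memory registry stand-in are all assumptions made for this sketch.

```javascript
// Added example: gate AI-suggested package names before `npm install`.
// Names, dates and the 90-day threshold are constructed for illustration.
const MIN_AGE_DAYS = 90; // assumed policy value

// Constructed stand-in for registry lookups. `time.created` follows the shape
// of an npm registry package document; a real gate would fetch it per name.
const sampleRegistry = new Map([
  ["example-utils", { time: { created: "2016-02-10T00:00:00Z" } }],
  ["acme-date-fmt", { time: { created: "2019-05-01T00:00:00Z" } }],
  ["acme-json-tokenizer", { time: { created: "2025-08-20T00:00:00Z" } }],
]);

// Constructed stand-in for names already pinned in the project's lockfile.
const sampleLocked = new Set(["example-utils"]);

function vetDependency(rawName, locked, registry, now) {
  const name = rawName.trim().toLowerCase();
  if (locked.has(name)) return { name, verdict: "locked" };
  const doc = registry.get(name);
  if (!doc) {
    // Unregistered today, but anyone can claim the name tomorrow: block it
    // and do not retry the install later without a fresh review.
    return { name, verdict: "nonexistent" };
  }
  const ageDays = Math.floor((now - new Date(doc.time.created)) / 86_400_000);
  if (ageDays < MIN_AGE_DAYS) return { name, verdict: "too-new", ageDays };
  return { name, verdict: "needs-review", ageDays };
}

function vetAll(names, locked, registry, now = new Date()) {
  const results = names.map((n) => vetDependency(n, locked, registry, now));
  const blocked = results
    .filter((r) => r.verdict === "nonexistent" || r.verdict === "too-new")
    .map((r) => r.name);
  return { results, blocked, ok: blocked.length === 0 };
}

// Constructed list standing in for what an assistant proposed.
const suggested = ["Example-Utils", "acme-date-fmt", "acme-json-tokenizer", "quick-yaml-merge"];
const report = vetAll(suggested, sampleLocked, sampleRegistry, new Date("2025-09-02T00:00:00Z"));
console.log(JSON.stringify(report, null, 2));
```

A non-empty `blocked` list is the signal to fail the CI step or pre-install hook; `needs-review` names exist and are old enough but are still new to the project.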
3. Amazon Q VSCode Extension Incident
- Attack Details:
A malicious pull request slipped into Amazon Q’s developer extension for Visual Studio Code pulled a script directing the AI assistant to wipe the user's home directory and delete AWS resources.
- Response:
The rogue extension existed for two days before being removed. AWS revoked credentials and updated the extension.
- Attacker's Motive:
The hacker claimed it was a "dangerous stunt ... to expose lax security reviews."
- Key Quote:
“A script ... instructing it to wipe the user's home directory and delete AWS resources. The attacker later said this dangerous stunt was meant to expose lax security reviews.” — David Shipley [05:07]
4. The Growing Risks of AI in Development
- Industry-wide concern:
AI accelerates both productivity and vulnerabilities; attackers automate compromises and scale their attacks rapidly.
- Takeaway:
Without “robust security by design,” AI-powered tools expose firms to catastrophic risks.
- Key Quote:
"AI is not going away, but repeating all of the sins of our past approaches to modern technology. Security is yielding the same awful results, but at greater speed. Chaos and Harm." — David Shipley [06:18]
5. Sitecore Experience Platform Vulnerabilities
- Vulnerabilities:
Three new flaws discovered by watchTowr Labs can be chained for remote code execution:
- CVE-2025-53693: Cache poisoning
- CVE-2025-53691: Insecure deserialization
- CVE-2025-53694: Cache key enumeration via Item Service API
- Mitigations:
Patches released in June and July. Companies using Sitecore should:
- Apply patches
- Restrict Item Service API access
- Change default credentials
- Key Quote:
"If your organization runs Sitecore... apply these patches immediately. Restrict access to the Item Service API and for goodness sake, do not leave default credentials in place." — David Shipley [07:28]
6. Nation-State Threats Targeting MFA Flows
- Incident:
Russia’s APT29 (“Cozy Bear”) compromised legitimate sites and injected JavaScript to redirect 10% of visitors to fake Cloudflare verification pages. Victims were prompted for device codes; if entered, attackers gained persistent Microsoft 365 access.
- Attack Techniques:
- Script encoding
- Use of cookies to evade repeat detection
- Rapid infrastructure changes
- Takeaway:
User vigilance and security education are still vital. No technology-only “silver bullet.”
- Key Quote:
"Continue to educate your team to be suspicious of unsolicited device code prompts and double check domain names before entering any authentication codes." — David Shipley [09:28]
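A detection sketch for the device code abuse described in this section, as an added example that is not from the episode: it builds a baseline of users who already use the device code flow and alerts on anyone else who starts. The record shape, field names, accounts and allowlist are assumptions constructed for this sketch and need mapping to your identity provider's sign-in log export.

```javascript
// Added example: flag device code sign-ins by users with no history of that flow.
// The record shape and field names are assumptions for this sketch, not a real
// log schema; map them to your identity provider's sign-in log export.
const sampleSignIns = [ // constructed events
  { time: "2025-08-01T09:00:00Z", user: "kiosk-svc@example.com", protocol: "deviceCode" },
  { time: "2025-08-12T10:30:00Z", user: "dev1@example.com", protocol: "deviceCode" },
  { time: "2025-08-28T14:02:00Z", user: "alice@example.com", protocol: "browser" },
  { time: "2025-08-28T14:05:00Z", user: "alice@example.com", protocol: "deviceCode" },
  { time: "2025-08-29T08:15:00Z", user: "dev1@example.com", protocol: "deviceCode" },
  { time: "2025-08-30T11:40:00Z", user: "bob@example.com", protocol: "deviceCode" },
  { time: "2025-08-30T11:55:00Z", user: "bob@example.com", protocol: "deviceCode" },
];

// Accounts expected to use the flow (input-constrained devices); assumed list.
const sampleAllowlist = new Set(["kiosk-svc@example.com"]);

function findUnexpectedDeviceCodeSignIns(events, detectFrom, allowlist) {
  const cutoff = new Date(detectFrom).getTime();
  const seenBefore = new Set(); // users with device code use in the baseline
  const alerts = new Map();     // one alert per user, with a hit count
  const ordered = [...events].sort((a, b) => new Date(a.time) - new Date(b.time));
  for (const e of ordered) {
    if (e.protocol !== "deviceCode") continue;
    const user = e.user.toLowerCase();
    if (new Date(e.time).getTime() < cutoff) {
      seenBefore.add(user); // baseline period: record, do not alert
      continue;
    }
    if (allowlist.has(user) || seenBefore.has(user)) continue;
    const alert = alerts.get(user) ?? { user, firstSeen: e.time, count: 0 };
    alert.count += 1;
    alerts.set(user, alert);
  }
  return [...alerts.values()];
}

const alerts = findUnexpectedDeviceCodeSignIns(
  sampleSignIns, "2025-08-25T00:00:00Z", sampleAllowlist);
console.log(alerts);
```

A baseline only catches first-time use, so an account that legitimately uses the flow can still be phished; where almost nobody needs device codes, blocking the flow by policy for everyone outside the allowlist is the stronger control.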
7. Salesforce/Drift OAuth Token Breaches and Supply Chain Fallout
- Timeline & Scope:
- Stolen OAuth tokens used to access Salesforce customer instances and exfiltrate AWS keys, passwords, Snowflake tokens.
- At least 700 organizations affected; Drift tokens also used to breach Google Workspace instances.
- Google revoked Drift workspace tokens, Salesforce disabled Drift integrations across platforms.
- Major Victims:
- TransUnion (4.4+ million US customer records stolen, including SSNs)
- Other victims: Farmers Insurance, Workday, Pandora, Cisco, Chanel, Qantas
- Industry Response:
- Salesloft hired Mandiant for investigation
- Urgent recommendation: Review integrations, rotate all tokens and credentials immediately
- AI Tech at Fault?:
- Drift’s “agentic AI” offerings under scrutiny for possibly enabling the cascading breach.
- Key Quote:
"These attacks demonstrate how a single compromised integration can cascade into mass data exposure across many organizations." — David Shipley [12:36]
“If those offerings were at the root of this cascading breach nightmare, it may mark one of the earliest and most significant security failures associated with this bleeding edge AI technology.” — David Shipley [13:45]
Notable Quotes & Memorable Moments
- The "AI Speed" Era:
“Security is yielding the same awful results, but at greater speed. Chaos and harm.” — David Shipley [06:18]
- Security Fundamentals Matter:
"Security awareness still matters, it matters a lot, and anyone telling you that technology silver bullets solve the entire problem, they're not doing you a favor." — David Shipley [09:15]
- A Warning for AI Developers:
“If organizations are unable or unwilling to do that work, they shouldn't implement AI powered tools into their development shops.” — David Shipley [06:50]
- The Price of Bleeding Edge:
“Unfortunately for everyday folks, they're often the ones getting cut with data breaches when companies live at the bleeding edge.” — David Shipley [14:30]
Guidance for Listeners
- Immediate Actions:
- If your org uses NX, Sitecore, Salesforce, Drift, or heavily relies on AI coding assistants: audit integrations, apply patches, rotate all credentials and tokens, and review dependency hygiene.
- Continue rigorous security awareness training, especially related to MFA, device code prompts, and package management.
- Final Takeaway:
- “Stay skeptical, stay patched, and may the Force be with you.” — David Shipley [15:33]
This episode is a comprehensive, urgent briefing on the rapidly evolving threat landscape, driven by the intersection of automation, AI, and supply chain compromise. The message: only organizations committed to proactive, adaptive security can hope to thrive.
