Nx A.I CyberSecurity Scoring
Nx
Company Information
Website:https://nx.dev
Employees number:166
Number of followers:7,853
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:nx.dev
Nx Risk Score (AI oriented)
Between 700 and 749
NxTechnology, Information and Internet
Updated:
31/03/2026
31/03/2026
739/1000
Moderate
Ba
Nx Global Score (TPRM)
xxxx
NxTechnology, Information and Internet
Score locked

NxModerate
Current Score
739Ba (MODERATE)
01000
1 incidents
-31 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
741
JUNE 2026
741
MAY 2026
740
APRIL 2026
740
MARCH 2026
739
FEBRUARY 2026
739
JANUARY 2026
738
DECEMBER 2025
737
NOVEMBER 2025
737
OCTOBER 2025
737
SEPTEMBER 2025
767
Cyber Attack
08 Sep 2025 • Nx
Nx (by Nrwl)
Nx 's1ngularity' Supply Chain Attack
736
CRITICAL-31
NXD3703637090925
The Nx supply chain attack (dubbed 's1ngularity') exploited a vulnerability in GitHub Actions workflows within the Nx repository, a widely used open-source build system for enterprise JavaScript/TypeScript projects. Attackers manipulated a pull request title and abused the `pull_request_target` configuration to execute arbitrary code in Nx’s CI pipeline, publishing a malicious version of the Nx package on NPM. This embedded a credential-stealing script (`telemetry.js`) that harvested 2,180 GitHub accounts, 7,200 repositories, and sensitive data including GitHub/npm tokens, SSH keys, .env files, cryptocurrency wallets, and other local credentials—all uploaded to public GitHub repositories for exfiltration.The attack leveraged AI-driven tools (Claude, Q, Gemini) to automate and refine credential discovery, bypassing AI safeguards by tuning prompts (e.g., labeling actions as 'penetration testing'). Despite Nx’s response—revoking tokens, enforcing 2FA, and migrating to NPM’s Trusted Publisher model—stolen credentials remain valid, enabling ongoing access to corporate systems. The breach highlights critical risks in open-source supply chains, CI/CD security, and AI weaponization, with long-term implications for affected organizations, including potential source code leaks, infrastructure compromises, and cascading attacks via reused credentials.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
AUGUST 2025
767
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Nx ??
What was Nx's A.I Rankiteo Cyber Score in June 2026 ??
What was Nx's A.I Rankiteo Cyber Score in May 2026 ??
What was Nx's A.I Rankiteo Cyber Score in April 2026 ??
What was Nx's A.I Rankiteo Cyber Score in March 2026 ??
What was Nx's A.I Rankiteo Cyber Score in February 2026 ??
What was Nx's A.I Rankiteo Cyber Score in January 2026 ??
What was Nx's A.I Rankiteo Cyber Score in December 2025 ??
What was Nx's A.I Rankiteo Cyber Score in November 2025 ??
What was Nx's A.I Rankiteo Cyber Score in October 2025 ??
What was Nx's A.I Rankiteo Cyber Score in September 2025 ??
What was Nx's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Nx's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Nx ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Nx's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?