Episode #296 - NX Supply Chain Attack

Plus, the OWASP Top 10, and Security News Sources

This week on Absolute AppSec’s 296th episode, Seth and Ken return to review the current state of the OWASP Top 10 project, given recent requests and interactions on Absolute AppSec Slack from various contributors. This is followed by an in-depth breakdown of the recent NX npm package compromise. This breakdown shows that, although AI was weaponized to exfiltrate data, the primary exploit resulted from a command injection flaw. Crocs and Socks, once again, are coming back to bite. Finally, Ken and Seth provide a list of resources they use to monitor all things security news. To see this episode, go to https://www.youtube.com/@AbsoluteAppSec/streams, find us on Spotify, or look up Absolute AppSec wherever you get your podcasts.

“There’s a lot of contention as to what the vulnerabilities are, how they’re actually classified, whether or not the OWASP top ten should be just singular vulnerabilities and singular CWEs. And then if it is, how do you actually rate something inside of that?”

Seth

The OWASP Top Ten is a pivotal part of the security community. Recently, Brian Glas, one of the main contributors and data wranglers for the OWASP Top Ten, discussed the considerations for building the 2025 version of the list. The creation of the list presents certain challenges; not only has it been criticized for its categories and lack of specificity, but approximately 25% of CVEs lack a suitable Common Weakness Enumeration associated with them, which complicates data analysis. Brian has been exploring these considerations, including whether the list should focus on singular vulnerabilities or broader categories. The OWASP Top Ten 2025 is expected to reflect a shift away from focusing solely on individual coding errors and towards more systemic risks like supply chain issues and insecure design. Recent events, like the NX supply chain attack, underscore the importance of these broader categories. While Seth and Ken have their own critiques of the OWASP organization as a whole, the effort and dedication of the people behind the project are commendable and a staple of the community. For anyone new to the field with an opinion on what’s important, contributing to projects like this is an incredibly valuable experience and an opportunity to network.

“A lot of these sorts of exploits and breaches occur when [simple mistakes go unnoticed] and controls aren’t in place. And the amount of code, the amount of data, the amount of pull requests that are going into a lot of these systems is more than a singular person can handle. So we’ve got to come up with tools that will actually alert and prioritize and do other things with this code before it actually gets out the door.”

Seth

The main topic of this episode was a recent supply chain attack on the NX package. The attack began with a malicious pull request to the NX repository. The vulnerability was a command injection flaw: the attackers embedded malicious code in the PR title, which the GitHub Actions build system then executed. This allowed the attackers to exfiltrate GitHub tokens and upload a malicious version of the NX package to the npm repository. People who downloaded this malicious version had the code run on their machine as part of a post-installation script, allowing the attackers to gain remote code execution. The attackers then used locally installed AI tools on the compromised machines to search for and exfiltrate sensitive files; however, the hosts clarify that the RCE was the primary exploit, and the AI was only utilized to automate data exfiltration. The attackers also flipped private repositories to public and installed a denial-of-service command that would shut down a user’s machine. The malicious packages were only live for a short period—approximately five hours—before being removed from the npm registry by the platform’s team and Nx maintainers. All compromised tokens were also revoked. However, even in that brief window, thousands of developers were likely exposed.

This is what Seth and Ken categorize as “plain old AppSec,” caused by a simple command injection flaw, not a sophisticated AI-driven hack. The AI component simply automated the search for and exfiltration of sensitive data, rather than performing a new attack itself. While the AI aspect of the attack has no substantial novelty, Seth and Ken note that using AI tools for exfiltration is a new trend. This could make detection more challenging because the AI’s non-deterministic nature can evade traditional signature-based malware detection systems. Seth noted that malware detection, which has relied on pattern analysis for years, might struggle with prompts that accomplish the same task in different ways. Ken suggested that organizations might need to implement policies and monitoring to prevent the use of dangerous flags, such as one literally named --yolo, that were used in this attack to disable security checks. Overall, the attack serves as a reminder that the basics of application security, or “Crocs and Socks,” remain crucial.
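The PR-title injection described above, as an added example that is not from the episode or the Nx repository: a small Python check that flags GitHub Actions run: scripts where contributor-controlled expressions, such as the pull request title, are expanded directly into shell text. Both workflows and the list of untrusted contexts are constructed for illustration.

```python
import re

# Contexts an outside contributor controls (a subset chosen for this example).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:event\.pull_request\.(?:title|body|head\.ref)"
    r"|event\.issue\.(?:title|body)|event\.comment\.body|head_ref)\s*\}\}"
)
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

# Constructed workflow: the PR title is pasted into the script text before the shell runs.
VULNERABLE = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Check title
        run: |
          echo "Validating ${{ github.event.pull_request.title }}"
"""

# Constructed fix: the title reaches the shell as an environment variable, i.e. as data.
HARDENED = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Check title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Validating $PR_TITLE"
"""


def find_injectable_runs(workflow_text):
    """Return (line_number, expression) for untrusted contexts expanded inside run: scripts."""
    findings = []
    run_col = None  # column of the current run: key; None outside a run block
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = RUN_KEY.match(line)
        if match:
            run_col, script = len(match.group(1)), match.group(2)
        elif run_col is not None and (not line.strip() or len(line) - len(line.lstrip()) > run_col):
            script = line  # continuation of a multi-line run: script
        else:
            run_col = None
            continue
        findings += [(number, m.group(0)) for m in UNTRUSTED.finditer(script)]
    return findings
```

The same expression inside an env: mapping is not flagged, because there the runner hands the value to the shell as a variable instead of splicing it into the script.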

This episode was sponsored by Redpoint Security™. Redpoint specializes in "Code Security by Coders," bolstered by years of experience testing applications and conducting code reviews against all types of apps, including AI, web, and mobile. Redpoint also offers developer AppSec and secure-code training to help ground your teams in better security practices across the development lifecycle. Check out redpointsecurity.com for more information and put your company on a path to better security.

Are you looking to bulk up your clothing collection for fall weather? Well, the Absolute AppSec merch store might just have what you’re looking for. Pick out a hoodie or beanie to keep your core temperatures nice and toasty.


And, if you have thoughts you’d like to share with Seth and Ken and the Absolute AppSec audience, join us in Slack. Show topics often originate as discussion points with the Slack audience, and the newsletter incorporates that discussion as well. So, join in there to offer ideas for what you’d like the podcast to cover as well as pick the brains of a number of industry experts.

Stay Secure,

Seth & Ken

https://youtube.com/live/DJ73bMi5-tQ - Episode #270 - 2025 AppSec Predictions - Who could have predicted more supply chain attacks? Anyone? Oh, wait, we did earlier this year. Checkmate. Other predictions for 2025 include additional AI billing models, a new OWASP Top 10 2025, and more.

https://youtu.be/YTIof-RiiKk - Episode #75 - Brian Glas, OWASP Top 10, OWASPSAMM - In a callback to a simpler time, Professor Glas talks about the process of developing the OWASP Top 10 2017, the path to his involvement in the project, and how it almost split AppSec in two. Also a discussion on OWASPSAMM vs. OpenSAMM vs. BSIMM.

https://youtu.be/1SpHiMP0vZ8ls - Episode #125 - Interviews, SQLi, Concurrency, Wordpress - Seth and Ken talk about injection attacks (this time it’s SQLi) in the news and how it’s treated. Why monolithic platforms (like Wordpress) can be bad for security.

Absolute AppSec Happenings

https://www.dryrun.security/blog/meet-code-insights-mcp-your-secure-code-concierge - A shoutout to Ken and DryRun, who have released a new MCP server that allows for easy querying of findings and code changes across all of the pull requests monitored by their tool. It is a super easy way to ask about significant (or not) changes to code even when they are not documented well.

https://security.apple.com/blog/memory-integrity-enforcement/ - Interesting blog post by Apple’s Security team detailing low-level techniques for preventing security flaws and exploits. We do not often get down to this level on the podcast, but understanding memory safety, how it is implemented, and why it matters to you on the AppSec side of the house is an important arrow in your quiver.

https://www.youtube.com/watch?v=GfH4QL4VqJ0 - Python: The Documentary - Coming from the “Seth-Is-Old-AF” section, a look at how and why Python came about. Fun watch and fascinating to see the players involved.

Upcoming Events

Where in the world are Seth and Ken?

September 12, 2025 - BSidesCache - TODAY! Seth and team are at the BSides conference in Logan, Utah next week. Come say “hi” to Redpoint Security at the Bridgerland Applied Technical College if you’re attending.

September 23-25, 2025 - Enterprise Tech Leadership Summit - Las Vegas, NV - Ken will be attending, so check in with us in the Slack if you’d like to see about catching up with him for a pseudo-extension of Vegas summercamp.

December 8-11, 2025 - Next-Gen Secure Code Review: Black Hat Edition - Seth and Ken are bringing a four-day exclusive course to Black Hat Europe in London, UK. This is a great opportunity to get a truly in-depth understanding of Secure-Code Review and how it can be empowered through LLM-tooling. Seth and Ken have innovated industry-leading trainings in both of these topics, so this four-day course promises to provide a lot of valuable insight.