In September 2025, hackers pulled off one of the largest supply chain breaches in open source history.
A single phishing email hijacked trusted maintainers' accounts.
Malicious updates poisoned npm packages like debug and chalk, downloaded billions of times a week.
The “s1ngularity” attack on Nx packages weaponised GitHub workflows and even AI developer tools to steal secrets at scale.
This 3-minute explainer breaks down what happened, why it matters, and what defenders can learn.
👉 Watch the video, then read our full analysis on DevSecComOps Substack.


