
441 points longcat | 1 comments
echelon ◴[] No.45039034[source]
Google and Anthropic: this is a SEV0.

Assemble your teams and immediately do the following:

1. Issue a public statement that you are aware of this issue and are tracking it

2. Begin monitoring your analytics to see which customers are impacted and shut down their access

3. Reach out to impacted customers and let them know you'll be preparing a list of next steps for them.

4. Monitor for a wider blast radius or larger attack surface area

5. Notify internal teams of broader security efforts as a result of this

6. After this cools down, hold internal and public postmortems.

Do this now.

Edit: -4 and flagged. I give up.

replies(4): >>45039077 #>>45039100 #>>45039132 #>>45039150 #
dpoloncsak ◴[] No.45039150[source]
What does Google or Anthropic have to do with anything here? NX was compromised. Threat actors are using this access to leverage CLI LLMs to search the computer for you. Is this any different than if they just ran a big /find?

Should the AI Assistant NOT reply to the request it was given? Why shouldn't it?

replies(2): >>45039259 #>>45039442 #
wat10000 ◴[] No.45039259[source]
They’re essentially being used as a programming language interpreter. This attack could easily have been done with Python or Ruby or Perl. There can’t be a realistic expectation that these tools are robust against malicious input. You have to either sandbox them or keep malicious input away from them.