(github.com)

441 points longcat | 1 comments | 27 Aug 25 01:38 UTC | HN request time: 0s | source

https://semgrep.dev/blog/2025/security-alert-nx-compromised-...

Show context

roenxi ◴[27 Aug 25 12:46 UTC] No.45038912[source]▶

Honest to goodness, I do most of my coding in a VM now. I don't see how the security profile of these things are tolerable.

The level of potential hostility from agents as a malware vector is really off the charts. We're entering an era where they can scan for opportunities worth >$1,000 in hostaged data, crypto keys, passwords, blackmail material or financial records without even knowing what they're looking for when they breach a box.

replies(4): >>45039149 #>>45039756 #>>45043435 #>>45049665 #

1. sheerun ◴[27 Aug 25 18:46 UTC] No.45043435[source]▶

>>45038912 #

Exactly this, with note that due ecosystem and history of software, setting up such environment is either really hard or relatively expensive

↑

Malicious versions of Nx and some supporting plugins were published