UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

Hackers exploited a compromised npm package to breach cloud systems and gain full AWS administrator access within 72 hours.

Javascript is required for you to be able to read premium content. Please enable it in your browser settings.