A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim’s cloud environment within a span of 72 hours.
The attack started with the theft of a developer’s GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data.
„The threat actor, UNC6426, then used this
https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html