Agents
UNC6426 Exploits nx npm Supply-Chain Breach to Achieve AWS Admin in 72 Hours via OIDC Trust Abuse
Threat actor UNC6426 leveraged stolen GitHub tokens from the 2025 nx npm breach to exploit GitHub-to-AWS OpenID Connect trust relationships, creating a new administrator IAM role and achieving full cloud environment access within 72 hours — no vulnerability exploitation required post-initial access. Researchers noted that AI coding agents with access to authenticated tooling and credential stores materially accelerate lateral movement in this attack class. The finding reinforces that CI/CD OIDC trust chains are the highest-leverage pivot point in agentic supply chain attacks.
↳ Follow the thread