
NX Supply Chain Attack Explained (with Trevor Kilvington)
From SEEK Bytes by SEEK
May 5, 2026 · 38 min · Season 3 · Episode 45
About this episode
This episode unpacks the NX supply chain attacks and their implications for IT teams.
Imagine updating a trusted monorepo tool… and the next time you open your terminal it asks for your password, then tries to shut your machine down. In this episode of SEEK Bytes, Will, Seamus and SEEK Staff Engineer Trevor Kilvington unpack the NX supply chain attacks – how they unfolded, why they were so scary, and what every IT team can learn from them. This episode's special guest: Trevor Kilvington (SEEK Staff Engineer) In this episode, we explore: • How a popular open-source tool ended up shipping malicious code to developers’ laptops and CI pipelines – and how SEEK engineers helped spot it first • Why attackers leaned on AI prompts and worm-like behaviour to hunt for secrets and quietly spread through NPM packages • The uncomfortable question of whether keeping everything “always up to date” is still the safest choice – and what this means for CI/CD ownership and developer responsibilities Whether you’re in software engineering, DevOps, SRE, security, platform or IT leadership, this episode will change how you think about package updates, build pipelines and the tools you trust every day. 👍 Follow the SEEK Bytes podcast so you never miss a new episode
People in this episode
Hosts: Will, Seamus
Guest: Trevor Kilvington
Topics covered
- supply chain attack
- open-source tools
- malicious code
- software engineering
- DevOps
- CI/CD
Keywords
- NX supply chain attack
- malicious code
- open-source
- software development
- CI pipelines
- developer responsibilities
- AI prompts
Mentioned in this episode
Organizations: SEEK
More episodes of SEEK Bytes
- Responsible AI: Bias, Blind Spots & Big Risks (with Sreyna Rath) · June 9, 2026 · 31 min
- PERL: The Smart AI Workflow · June 2, 2026 · 31 min
- Vibe Coding with AI: Non-Developers building apps (with Helen Giapitzakis) · May 26, 2026 · 53 min
- New AI Tools, Same Old Bugs? The crew react to the Next Wave · May 19, 2026 · 42 min
- OpenClaw: Build your own AI Agent workforce (without getting burnt) · May 12, 2026 · 35 min
- Inside SEEK's Hackathons (with Glenn Wilson, Kat Vassallo & Andy Maxey) · April 28, 2026 · 35 min
Explore listener stats, chart rankings, contacts and more on the SEEK Bytes podcast page.