DuckDB npm Account Breached in Ongoing Supply Chain Attack with Wallet-Drainer Malware
Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.
Read the full articleYou might also wanna read

npm Supply Chain Attack via Open Source maintainer compromise
On Monday, September 8th, a highly regarded open source developer, ~qix, was compromised via a phishing email.

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at
Injective npm supply chain attack leaks crypto wallet keys
ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec
npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)
Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed
Jscrambler npm Hack: The Supply Chain Attack That Targeted Every AI Developer's Machine
The official jscrambler npm package published 5 compromised versions on July 11, 2026, using a preinstall hook to drop a Rust infostealer ta

Injective npm Supply Chain Attack: 18 Packages Backdoored to Steal Crypto Wallet Keys
On July 8, 2026, attackers used access to a trusted developer's account to slip a backdoor into a widely used software development kit for t

Comments
Sign in to join the conversation.
No comments yet. Be the first.