npm Supply Chain Attack via Open Source maintainer compromise
10mo agoen
Source
Snyknpm Supply Chain Attack via Open Source maintainer compromisesnyk.ioOn Monday, September 8th, a highly regarded open source developer, ~qix, was compromised via a phishing email.
You might also wanna read
NPM Package Author "qix" Compromised in Ongoing Supply Chain Phishing Attack
This article discusses the ongoing issue of phishing attacks targeting NPM package authors, specifically focusing on a compromised author na
DuckDB npm Account Breached in Ongoing Supply Chain Attack with Wallet-Drainer Malware
The ongoing npm supply chain attack that previously compromised prolific author Qix has now spread to the DuckDB npm account (duckdb_admin).

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
projectptixiakis.github.io·1mo ago
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of att
North Korean Hackers Target Open Source Developers in Supply Chain Attacks
BackBox.org·1d ago
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
microsoft.com·1mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.