
Supply Chain Attacks
From State of Cybercrime by Varonis, Matt Radolec, David Gibson
September 20, 2025 · 24 min · Season 3 · Episode 29
About this episode
This episode discusses a significant NPM compromise and its implications for cybercrime.
This month marked the discovery of one of the largest NPM compromises in history. Though AI-assisted social engineering, a profilic developer dubbed Qix was phished. His account was then maliciously used to publish poisoned packages, many of which were used to manipulate crypto transactions. Thankfully, it was detected before too many users downloaded these packages, but it highlights how vulnerable we can be if these upstream components get compromised. In this special State of Cybercrime episode, Matt and David break down this NPM compromise, and cover everything else new in the world of cybercrime.
People in this episode
Hosts: Matt Radolec, David Gibson
Topics covered
- Supply Chain Attacks
- NPM Compromise
- Cybercrime
- AI-assisted Social Engineering
- Malicious Packages
Keywords
- Supply Chain Attacks
- NPM
- Cybercrime
- AI
- Phishing
- Malicious Packages
- Crypto Transactions
Mentioned in this episode
Organizations: NPM, crypto
More episodes of State of Cybercrime
- The Canvas Breach · May 19, 2026 · 30 min
- The Axios Supply Chain Attack · April 10, 2026 · 43 min
- Salesforce Aura Data Theft · March 20, 2026 · 30 min
- OpenClaw & Moltbook (w/ Moriah Hara!) · February 14, 2026 · 43 min
- The React2Shell Crisis · December 15, 2025 · 23 min
- AI-Powered Espionage · November 24, 2025 · 24 min
Explore listener stats, chart rankings, contacts and more on the State of Cybercrime podcast page.