Supply Chain Attacks

Supply Chain Attacks

From State of Cybercrime by Varonis, Matt Radolec, David Gibson

September 20, 2025 · 24 min · Season 3 · Episode 29

About this episode

This episode discusses a significant NPM compromise and its implications for cybercrime.

This month marked the discovery of one of the largest NPM compromises in history. Though AI-assisted social engineering, a profilic developer dubbed Qix was phished. His account was then maliciously used to publish poisoned packages, many of which were used to manipulate crypto transactions. Thankfully, it was detected before too many users downloaded these packages, but it highlights how vulnerable we can be if these upstream components get compromised. In this special State of Cybercrime episode, Matt and David break down this NPM compromise, and cover everything else new in the world of cybercrime.

People in this episode

Hosts: Matt Radolec, David Gibson

Topics covered

  • Supply Chain Attacks
  • NPM Compromise
  • Cybercrime
  • AI-assisted Social Engineering
  • Malicious Packages

Keywords

  • Supply Chain Attacks
  • NPM
  • Cybercrime
  • AI
  • Phishing
  • Malicious Packages
  • Crypto Transactions

Mentioned in this episode

Organizations: NPM, crypto

More episodes of State of Cybercrime

Explore listener stats, chart rankings, contacts and more on the State of Cybercrime podcast page.