The npm Breach: What It Reveals About Software Supply Chain Security
When a Single Phishing Click Becomes a Global Vulnerability – Meet the Supply Chain’s Weakest Link

1. Phishing-Driven Attack on npm Packages

On 8 September 2025, maintainer Qix fell victim to a highly convincing phishing email from [email protected], which led to an unauthorised password reset and the takeover of his account. Attackers injected malicious code into at …