Supply Chain Attacks Are Spreading: NPM, PyPI, and Docker Hub All Hit in 2025
When npm was hit in September, it was tempting to see it as an isolated supply chain attack. A maintainer fell for a phish, popular packages were swapped out, and downstream projects scrambled. But npm wasn’t the only ecosystem in the spotlight this year. PyPI and Docker Hub both faced their own compromises in 2025, and the overlaps are impossible to ignore.

LinuxSecurity – Security Articles