Blog - Lupin & Holmes

What's up?

Fresh

First Week, First Hack: Compromising a Package with 40 Million Weekly Downloads illustration

Apr 02, 2026Supply Chain Attack, CI/CD, Depi, GitHub Actions, npm, Dependabot

First Week, First Hack: Compromising a Package with 40 Million Weekly Downloads

How Ledger Donjon Used Depi to Neutralize a Stealth Supply Chain Threat illustration

Mar 17, 2026Depi, Ledger, Supply Chain Attack, Rollup, CI/CD, Case Study

How Ledger Donjon Used Depi to Neutralize a Stealth Supply Chain Threat

One Label Away from Backdooring 80 million installations per week illustration

Mar 17, 2026Rollup, GitHub Actions, Cache Poisoning, Supply Chain Attack, CI/CD, Depi

One Label Away from Backdooring 80 million installations per week

Again...

First Week, First Hack: Compromising a Package with 40 Million Weekly Downloads illustration

First Week, First Hack: Compromising a Package with 40 Million Weekly Downloads

How Ledger Donjon Used Depi to Neutralize a Stealth Supply Chain Threat illustration

How Ledger Donjon Used Depi to Neutralize a Stealth Supply Chain Threat

One Label Away from Backdooring 80 million installations per week illustration

One Label Away from Backdooring 80 million installations per week

We Hacked the npm Supply Chain of 36 Million Weekly Installs illustration

We Hacked the npm Supply Chain of 36 Million Weekly Installs

Depi is Now Available on AWS Marketplace ! illustration

Depi is Now Available on AWS Marketplace !

Netflix Vulnerability: Dependency Confusion in Action illustration

Netflix Vulnerability: Dependency Confusion in Action

We hacked Google’s A.I Gemini and leaked its source code (at least some part) illustration

We hacked Google’s A.I Gemini and leaked its source code (at least some part)

Depi Launch: A New Approach to Software Supply Chain Security illustration

Depi Launch: A New Approach to Software Supply Chain Security

How We Hacked a Software Supply Chain for $50K illustration

How We Hacked a Software Supply Chain for $50K

Hacking Millions of companies around the world with 10$: A Massive Software Supply Chain Attack illustration

Hacking Millions of companies around the world with 10$: A Massive Software Supply Chain Attack

Exploiting Fortune 500 Through Hidden Supply Chain Links illustration

Exploiting Fortune 500 Through Hidden Supply Chain Links

How a Single Vulnerability Can Bring Down the JavaScript Ecosystem illustration

How a Single Vulnerability Can Bring Down the JavaScript Ecosystem