A supply chain attack has compromised the official XRP Ledger Node.js SDK, a widely used library for integrating JavaScript and TypeScript applications with the XRP Ledger. Security firm Aikido Security discovered that malicious code designed to steal private keys was deployed in the official XRPL NPM package. This backdoor infection poses a risk to users relying on the XRP Ledger software. Separately, a new malware targeting Docker has been identified, where hackers hijack Docker to run fake nodes on the Web3 network Teneo. Instead of mining cryptocurrency, the attackers farm TENEO tokens by sending fake heartbeat signals, with over 325 downloads of the malicious Docker image reported.