Malicious Jscrambler NPM package versions distributed a cross-platform credential stealer in a new supply chain attack.
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...