Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys ...
A new attack technique dubbed HalluSquatting turns AI assistants’ tendency to hallucinate into a scalable infection vector.