#supply-chain-attack

SANDWORM_MODE: Malicious npm Cluster Automates Secret Harvesting and Crypto Theft

Security researchers have identified a coordinated campaign involving 19 malicious npm packages designed to exfiltrate CI/CD secrets, API tokens, and private cryptocurrency keys.