In a newly disclosed multi-stage supply-chain campaign, a threat actor published ten typosquatted npm packages that mimicked popular libraries to deploy a cross-platform credential stealer. According to a Socket analysis, the packages were published on July 4 and had collectively amassed nearly 10000 downloads in four months before being flagged for removal. “Each package leverages…
Everything is ideas, the rest is nature.
