Multiple npm packages have been hijacked to deploy a credential and crypto stealer, using novel techniques such as VSCode autorun and blockchain dead drops, posing a significant threat to developers a
Original source: Security Affairs
SecVista Signal