1. npm Supply Chain Worm Harvests Developer Credentials, Persists After Package Removal
A sophisticated supply chain attack campaign has compromised 172 npm and PyPI packages since May 11, embedding a credential-harvesting worm that survives package removal on affected development workstations. Security researchers warn that any environment that installed or imported these packages should be treated as co...