Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
19 npm packages spread SANDWORM_MODE worm, stealing tokens, crypto keys, CI secrets, and AI API keys via MCP injection
More info