Multiple hijacked npm cryptocurrency packages exfiltrate sensitive environment variables via obfuscated scripts and pose risks to open source ecosystems.| www.sonatype.com
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems.| BleepingComputer