Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

/in

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts.

“This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain ‘compatible’ with npm v12’s security hardenings,” JFrog said in a

The Hacker News – ​Read More

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Fla...Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH FlawHow to make Linux look like MacOS for free – with a few simple ZorinOS...