Multiple software supply chain attacks have hit the npm
ecosystem, with threat actors using both malicious and poisoned
versions of over 50 legitimate packages to distribute a Rust-based
information stealer and a self-spreading worm, respectively.
According to JFrog, the information stealer "scrapes every secret
it can find on a developer's machine, hides behind an eBPF kernel
rootkit, and
Read more https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html
