Researchers at application security testing firm Checkmarx Ltd. today detailed a previously unknown threat actor leveraging NPM packages to target developers to steal source code and secrets. The threat actor, believed to have been active since 2021 but undetected until now, has been publishing malicious NPM packages.

Source: SiliconANGLE