Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
If you're considering PuppeteerSharp for PDF generation, here's the version of the story that doesn't show up in the "getting started" docs.
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...