Typosquatted npm Packages Steal Cloud and CI/CD Secrets From Developer Systems
Source: Cybersecuritynews
Published:
<p>A new wave of malicious software packages has been caught stealing cloud credentials and CI/CD pipeline secrets from developer machines, raising fresh alarms the security of the open-source software supply chain. The attack, uncovered on May 28, 2026, shows just how easy it has become for bad act