Endor Labs in its report
Source: www.endorlabs.com
Published:
<p>Endor Labs detected 42 malicious npm packages forging valid Sigstore provenance. If you installed affected packages May 19, rotate all credentials now.</p> <p>Endor Labs detected 42 malicious npm packages on May 19, 2026 between 01:39 and 02:06 UTC. The campaign was first observed with the compro