Supply chain brain drain: npm attacker foolishly leaks own GitHub private token
Source: The Register
An npm-slop package “mouse5212-super-formatter” targeting Claude users and acting as a stealer reached 676 downloads before being removed from the registry - and after making a major vibe coding blunder.

The AI-generated malware leaked its own GitHub private token, thus allowing OX Securit