JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Sandiegouniontribune.com covers local news in San Diego County, CA, California and national news, sports, things to do and the best places to eat, business and the San Diego housing market.