A newly identified wave of malicious software supply chain activity linked to North Korea has infiltrated the popular JavaScript package ecosystem npm, targeting developers worldwide.
The campaign, uncovered by Socket’s Threat Research Team, centers around a stealthy new malware loader dubbed XORIndex and marks a dangerous...