Threat IntelligenceHijacked AsyncAPI npm Packages Slipped a Botnet Loader Into Developer Machines
Four packages under the popular @asyncapi namespace were tampered with to deliver a multi-stage malware loader, in the latest reminder that the open-source supply chain is a soft target.