1 story taggedPaysafe.
A single attacker uploaded 17 lookalike payment packages that quietly stole API keys, cloud credentials and GitHub tokens from anyone who installed them.