Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.