Security News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

TheHackerNews

Daniel Bender

23 Feb 2026

19 npm packages spread SANDWORM_MODE worm, stealing tokens, crypto keys, CI secrets, and AI API keys via MCP injection