Security News Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens TheHackerNews Daniel Bender 22 Apr 2026 Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
