opensourcemalware.com/blog/cybe…
A cybersecurity startup founder published malicious NPM packages disguised as AI developer tools to harvest sensitive identity data and environment configurations from victim machines. The attacker utilized typosquatting and install-time execution to exfiltrate information, suggesting a potential effort to build a proprietary dataset for future operations.