Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm.
Security