The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Issued at 1:12 pm EST Sunday 5 July 2026 (issued every 10 minutes, with the page automatically refreshed every 10 minutes) ...