A new threat compromises 73 npm packages with credential-stealing malware. These packages, designed for AI agents, execute self-replicating stealers upon installation, posing a significant security risk to developers. This incident highlights ongoing supply chain vulnerabilities within the AI development ecosystem.
Opening Kapyn…