TLDR; Security researchers have identified two malicious npm packages, warbeast2000 and kodiak2k, designed to exfiltrate SSH keys from developers’ systems. These packages utilized GitHub repositories to store the stolen SSH keys, encrypted in Base64. A staggering 1300% increase in malicious packages on open-source package managers has been reported from 2020 to the end of 2023. In a concerning trend for […]
EN 
TR