TGTGInsighttelegram intelligenceLIVE / telegram public index
← The Hacker News
View original
The Hacker News avatar

TGINSIGHT POST

Post #8463

@thehackernews

The Hacker News

Views9,680Post view count
PostedFeb 2302/23/2026, 10:21 AM
Post content

Post content

🤖 Researchers found 19 malicious npm packages spreading SANDWORM_MODE. The worm 🐛 steals npm/GitHub tokens, SSH keys, API secrets, and crypto keys, then propagates using stolen identities. It also injects into AI coding tools to harvest LLM API keys. 🔗 Read → https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html