Tootfinder


@toxi@mastodon.thi.ng
2025-11-18 13:18:43

#LazyWeb question regarding the dreaded NPM #GlassWorm or similar malware to harvest auth tokens:
To avoid a potential infection leading to harvesting the token usually stored in `~/.npmrc`, I changed that file's content to:
`//registry.npmjs.org/:_authToken=${NPM_TOKEN}`
...…

@toxi@mastodon.thi.ng
2025-10-26 17:06:40

Looks like blockchains have finally found a serious use case, just maybe not the one predicted/hoped for...
This article is about #Glassworm, the latest major exploit in JavaScript-land, targeting VSCode and using #Solana as command infrastructure and Google Calendar events as backup. It'…