Researchers Uncover New Supply Chain Attack Involving Ten npm Packages

Cybersecurity researchers have discovered a new supply chain attack involving ten npm packages, some of which have existed for nearly 10 years. These packages received malicious updates designed to steal environment variables and other confidential data from developers' systems. The attack aims to steal sensitive information, which could have serious consequences for affected development projects. Technical details include the manipulation of environment variables to exfiltrate data.