Cybersecurity researchers have uncovered an active supply-chain attack targeting developers through the npm registry. The Socket Research Team detected a malicious, unscoped package named “tanstack” that impersonates the legitimate TanStack organization. When developers mistakenly install this fake package, it silently steals sensitive environment variables from their machines. The stolen data is then automatically sent to […] The post Fake TanStack npm Package Exfiltrates Sensitive Developer Data appeared first on Cyber Security News.