A new supply chain attack has surfaced targeting software developers who work with AI coding tools. On March 20, 2026, a threat actor published a malicious npm package named gemini-ai-checker under the account gemini-check, presenting it as a simple utility to verify Google Gemini AI tokens. The package looked credible enough to fool developers — but beneath its […] The post Hackers Use Fake Gemini npm Package to Steal Tokens From Claude, Cursor, and Other AI Tools appeared first on Cyber Security News.