A new software supply-chain attack is abusing the npm ecosystem today, where a single mistaken dependency can quietly open a door into a developer’s machine. The activity, tracked as “StegaBin,” mixes familiar tricks like typosquatting with a staged delivery path that runs during installation and keeps the theft out of sight.​ In this wave, 26 […] The post New ‘StegaBin’ Campaign Uses Malicious 26 npm Packages to Deploy Multi-Stage Credential Stealer appeared first on Cyber Security News.