The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
This AI research tool saved me hours organizing technical notes, but it has one fatal flaw at scale.