The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
As we flip the calendar to July — that is, for those of us who still use paper calendars — we are entering one of my favorite ...