Supply chain worm with its own MCP server spreads via GitHub

A new malware is circulating in the npm ecosystem, stealing credentials and CI secrets and spreading autonomously.
Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...