Supply chain attack hits npm package with 45,000 weekly downloads
From BleepingComputer to All on Thu May 8 16:24:38 2025
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. [...]