<ul><li>A yearlong supply-chain attack has been targeting security professionals and stealing 390K credentials.</li><li>The attack infects devices through Trojanized versions of open source software from GitHub and NPM.</li><li>Multiple methods, including spear phishing and infecting open source repositories, are used in the attack.</li><li>The attackers aim to collect sensitive information, such as SSH private keys and AWS access keys, and also install cryptomining software.</li></ul>

Yearlong supply-chain attack targeting security pros steals 390K credentials

Discover more