New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

The malware allows an attacker to run shell commands, take screenshots, and upload files to infected machines. Aikido Security says these packages collectively account for nearly 1 million machines.