ByteBrief
We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.
(We tried widescreen once. It wasn't us.)

Two hijacked npm packages and a cluster of Go packages deploy a Python infostealer on Windows, Linux, and macOS. The attack hides execution inside a VS Code task named "eslint-check" that runs automatically when the project folder opens. The malware retrieves encrypted JavaScript from blockchain transaction data and launches a socket.io backdoor.
Tap to vote and see what everyone thinks.
Summary by ByteBrief