JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Butterscotch, a 19-foot python, goes missing from her enclosure even though the doors are shut and the lock is still on.