JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
At Replit, X profiles have become the "main medium" for recruiting, said the company's chief people officer.