A supply-chain attack compromised the Jscrambler npm package, introducing trojanized versions that executed a hidden cross-platform credential-stealing payload on Windows, Linux, and macOS. The malware targeted cloud credentials (AWS, Azure, GCP), developer secrets, CI/CD environments, cryptocurrency wallets, browser data, and AI/MCP configuration files....