Attacker Adds Evasive Technique to Their Ongoing Attacks on NPM
Intro A few weeks ago, we wrote about a new threat actor we called RED-LILI and described their capabilities, including an in-depth walkthrough of the automated system for publishing malicious NPM packages from automatically created user accounts.After our publication, we