Software Supply Chain Security11 July 2026
Fake Paysafe, Skrill and Neteller SDKs on npm and PyPI Steal CI/CD Secrets
Seventeen packages impersonating payment-provider SDKs returned convincing fake success responses while quietly harvesting environment-variable secrets to an ngrok-tunnelled command-and-control server.
supply-chain-securitynpmpypi