A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Hackers are dodging Windows security tools by running secret Linux virtual machines with QEMU, an open-source virtualizer.